Western Union spam downloads keylogger

Share this article:
Spam emails, purporting to deliver a money-transfer notification from Western Union, but containing an attachment with an executable trojan, have been spotted in the wild by researchers at Sunbelt Software.

The emails tell the recipient that $3,750 has been transferred to them by Western Union and includes a tracking number and transfer sheet, Alex Eckelberry, Sunbelt president and chief executive officer, said on a company blog.

The attachment, which poses as the transfer sheet, downloads a keylogger onto the recipient's PC that collects personal information, including user names and passwords, Adam Thomas, Sunbelt malware researcher, told SCMagazineUS.com today. The malware then sends the data to an email address at a third-party hosting site, he said.

Thomas added that the attack method is not very sophisticated, pointing out that the name of the recipient is not accurate and the message contains an executable attachment, which most email clients don't allow users to open by default.

“[The downloaded trojan] goes through a charade and pops up a message with a test question," he said. "It's doing its best to make you think it's a real form of payment sent to you, hoping you'll open it just out of curiosity."

The keylogger sends the stolen information to a hotpop.com email address, Thomas said. Sunbelt has notified the abuse department of the Newton, Mass.-based company, which offers a range of hosting services, about the attack.

The attack's creator likely used Western Union as a lure because “it's the method the bad guys use to transfer money,” Thomas said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.