Scammers taking advantage of the holiday shopping frenzy are leveraging the Asprox botnet, notorious for furthering spam campaigns, to deliver malware to unsuspecting users.
This week, emails made to look like order confirmations from major retailers, like Best Buy, Target, and Walmart, were used as bait, Malcovery Security revealed Wednesday. The campaign, observed spreading spam on Monday and Tuesday, delivered two versions of malware to victims: one sent via malicious email attachments, and another version spread through links to malicious websites, the blog post said.
“The two versions had entirely non-intersecting command [and] control infrastructure…” the post explained, including a chart of IP addresses used to control the malware.
In October, security company Cloudmark noted another phishing campaign that lured users in with seemingly legitimate Pizza Hut coupons. Ultimately, recipients that downloaded ZIP files were ensnared in the Asprox botnet.