Phishing campaign passes off Pony Stealer trojan as ‘overdue invoice’

Avast is warning users that emails containing an “overdue invoice” from Maersk may actually be a ploy to spread a trojan called Pony Stealer.

Earlier this week, Avast's David Fiser wrote about the phishing campaign. One malicious email, which appeared to come from a “Maersk VietNam Limited” Gmail account, claimed to include direct links to the invoice.

Victims following the URLs believe they'll download a PDF file with additional information, Fiser wrote, but when the malicious file is executed, the "final vicious payload" is downloaded. Pony Stealer has previously been used to steal $220,000 worth of bitcoins from victims, Fiser noted.

In this campaign, the payload was downloaded from a URL on a compromised website, which attackers had infected with a backdoor. Fiser advised administrators to secure their servers using security best practices to prevent their sites from being used for hackers' exploits.
