MailGuard’s cloud email filtering technology first detected and blocked this threat as it emerged.
This latest scam email informs the recipient that they have an overdue invoice from DHL with a PDF attachment.
When the zip file is extracted, it contains an executable file suspected to be a trojan dropper.
When the recipient opens the email containing a PDF, it shows a blurred image of an invoice. When clicked, it redirects the user to a malicious download.
Anti-virus vendors are picking the executable up as a 'Gen:Variant.Razy', which is a generic trojan that downloads more malware and potentially steals personal information from the affected system without the user's knowledge.
Even though the executable is well-known malware, the fact that it is linked from within a PDF attachment makes it harder to detect.
This isn’t the first time MailGuard has detected a DHL email scam. Last year, MailGuard identified and blocked an email alerting the recipient to a package that had supposedly been dispatched for delivery to them.
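Because the attachment itself carries only a link, a filter has to inspect the PDF's link actions rather than scan for the executable. The following is an added example, not MailGuard's code: it lists `/URI` link targets in a PDF (including ones inside Flate-compressed streams or hex-encoded) and flags those pointing at archive or executable downloads. The extension list, function names and sample PDF bytes are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlparse

# Assumed list of extensions treated as risky download targets.
RISKY_EXT = (".zip", ".exe", ".scr", ".js", ".jar", ".iso")
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def _searchable_bytes(pdf: bytes) -> bytes:
    """Return the raw file plus any Flate-compressed streams, inflated."""
    parts = [pdf]
    for m in STREAM.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data (image, other filter): skip it
    return b"\n".join(parts)

def extract_uris(pdf: bytes) -> list[str]:
    """Collect the targets of /URI link actions, literal or hex-encoded."""
    data = _searchable_bytes(pdf)
    found = [re.sub(rb"\\(.)", rb"\1", m.group(1)) for m in URI_LITERAL.finditer(data)]
    for m in URI_HEX.finditer(data):
        h = re.sub(rb"\s", b"", m.group(1))
        found.append(bytes.fromhex((h + b"0" * (len(h) % 2)).decode()))
    return sorted({u.decode("latin-1") for u in found})

def risky_links(pdf: bytes) -> list[str]:
    """Return link targets whose path ends in an archive or executable extension."""
    return [u for u in extract_uris(pdf)
            if urlparse(u).path.lower().endswith(RISKY_EXT)]

# Constructed sample: one link in plain text, one hidden inside a compressed stream.
_hidden = zlib.compress(b"<< /S /URI /URI (http://files.example.test/invoice.zip) >>")
SAMPLE_PDF = (b"%PDF-1.5\n1 0 obj\n<< /Type /Annot /Subtype /Link "
              b"/A << /S /URI /URI (https://www.example.test/track?id=1) >> >>\nendobj\n"
              b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _hidden +
              b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for url in risky_links(SAMPLE_PDF):
        print("risky link in PDF:", url)
```

A hit is a reason to quarantine or detonate the linked file in a sandbox, not proof of malice; a link with no file extension, or one that redirects, will not be flagged by this check.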
As a precaution, we urge you to delete emails that:
- Appear to be from a legitimate company but are not addressed to you by name or are written in poor English,
- Require you to click a link in the email body to verify your identity or account credentials, or
- Have an unusual request that you would not expect to receive from the official purported sender.
To protect your business, we recommend that you share this alert and educate your staff about the nature of cyber threats, and employ cloud-based email and web filtering. A multi-layered approach combining desktop antivirus, anti-malware and anti-spyware will further mitigate the threat posed by emerging scams.