News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Keylogger Phishing Malspam

    Home Forums Code Red – Security/Privacy advisories Keylogger Phishing Malspam

    This topic contains 0 replies, has 1 voice, and was last updated by  Kirsty 1 week ago.

    • Author
      Posts
    • #1944622 Reply

      Kirsty
      Da Boss

      Fake DHL email delivers an unknown keylogger coupled with a phishing scam
      Share This with your friends and contacts. Help THEM to stay safe:

      By Derek Knight | September 8, 2019

       
      I was extremely surprised to wake up this Sunday Morning to a whole slew of fake DHL delivery notice emails with a macro enabled word doc attachment that eventually downloads some sort of Keylogger.

      There is some dispute as to what the actual Keylogger is. Some AV on VirusTotal describe it as an AgentTesla generic, whereas Anyrun app calls it Sentinel. I don’t think either are 100% correct.

      This malware doc downloads from https://heritagebank[.]ga/Quotation.exe (Virustotal) which is behind cloudflare and also is a phishing site for the genuine heritage bank.

      Update 9 September 2017: Another run of exactly the same email but today they have a .z ( zip ) file attachment extracting to a .exe.

      All the alleged senders, companies, names of employees, phone numbers, amounts, reference numbers etc. mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t.

      Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware. Also please read our post about word macro malware and how to avoid being infected by them.

       
      Read the full article here

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Keylogger Phishing Malspam

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.