Fake invoices from well-known companies in circulation
G DATA Security-Solutions protect against disguised malware
Fraudsters are using fake invoices to get email recipients to click on a link or open an attachment. Lurking behind these are the banking Trojans Swatbanker and Bebloh.
Users can recognise the email as fake from the fact that there is no personal salutation. In the case of the Deutsche Telekom invoice, there is no individual account number. The fake email should be deleted immediately. Recipients who are not sure whether the invoice is fake should ask the relevant company if they have an outstanding invoice.
If a recipient has already clicked on the download link or the attachment and allowed the malware onto their computer, they should immediately deploy reliable, comprehensive antivirus software.
G DATA security solutions detect the malware
The link in the email leads to an .exe file disguised as a PDF document.
Once run, the Swatbanker banking Trojan embeds itself on the victim's PC. The insidious part of the scam is that unsuspecting recipients are likely to go straight to their online banking system to transfer the amount. The Trojan will then immediately record the account details.
The first wave of the current spam emails emerged in mid-May with supposed invoices from Deutsche Telekom and Vodafone. Since then, the names of other companies such as Volksbank and Sparkasse have been used as well. The attackers change the URL pattern and the variants of the malware being used to make the attacks harder for AV solutions and potential victims to fend off.
The first emails contained a link to the malware, but now the emails are being sent with an attachment in .zip format. A new malware type called Bebloh is now being used as well, mainly in the form of an email attachment.
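A defensive check for the two delivery forms described above (an .exe disguised as a PDF document, and .zip attachments), as an added example that is not G DATA's code or detection logic: it flags archive entries that are Windows executables by extension or by `MZ` header. The extension lists, function names and sample archive are constructed assumptions, and since the page does not say how the disguise is done, a double extension is assumed.

```python
import io
import zipfile

# Extensions Windows runs directly (common subset, an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
# Document types an invoice lure would plausibly imitate (assumption).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def classify(name, head):
    """Return the reasons an attachment entry looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    ext = _ext(base)
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension")
        if _ext(base[:-len(ext)]) in DOCUMENT_EXTS:
            reasons.append("double extension behind a document name")
    elif head[:2] == b"MZ":  # DOS/PE header magic
        reasons.append("PE header under non-executable extension")
    return reasons


def scan_zip(data):
    """Map each suspicious entry of a .zip attachment to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = b""
            if not info.flag_bits & 0x1:  # encrypted entries: judge by name only
                with zf.open(info) as fh:
                    head = fh.read(2)
            reasons = classify(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive; the payloads are inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.pdf", b"%PDF-1.4\n")
    return buf.getvalue()
```

A mail gateway or triage script could call `scan_zip()` on each .zip attachment and quarantine any message with a non-empty result.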
G DATA SecurityLabs assume that different groups are behind the email attacks.
The BankGuard technology integrated into all G DATA security solutions fended off the malware as soon as it showed up.
Use a comprehensive security solution
Use of a comprehensive security solution is crucial for protection against dangerous emails and other malware in the future. The security software should be equipped with a malware scanner, firewall, and web, exploit and real-time protection. Also recommended is a spam filter for protection against unwanted email.
Further tips and a deeper analysis of the malware can be found at the G DATA SecurityBlog: https://blog.gdatasoftware.com/blog/article/massive-spam-campaign-returns-cridex-successor-swatbanker-is-spread.html