Jun 5, 2019

Email Phishing Attack using Official Logo and Email-id

NPAV Lab discovered a new phishing attack on 4th June 2019. Hackers have created a phishing email that carries an official company logo, email id and other details which trick users into believing that it is a legitimate mail.

We were surprised to see the hackers using details of a local Indian company based in Khopoli, Maharashtra. The email id used (purchase@ven…) is also that of the reputed Indian engineering manufacturer. Local Indian corporate users would easily be tricked by this type of fraudulent email because of the official logo, GST details, address, etc. The hackers have used the email signature and also the email id of the victim to trick recipients and spread their malware.

The email also contains a deceptive PDF image which looks like a Gmail attachment (RFQ 8924.pdf) but is actually a link to a OneDrive-hosted malware file.

The receiver of this email clicks the link, believing it to be a genuine Purchase Order PDF. A malware file is then downloaded from OneDrive (onedrive.live.com) with the file name PORelease #.lzh.

This is a compressed archive format. WinRAR or a similar application then extracts the archive, and the malware file (PORelease #.exe) inside the .lzh archive is run.

Link: https://onedrive.live.com/download?cid=633055…
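As an added illustration (not part of the NPAV advisory), here is a small Python check for the trick described above: an image styled as a PDF attachment whose link actually points to a file-sharing download endpoint. The HTML body and the OneDrive URL parameters are constructed samples, not taken from the real campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mail body in the style of the lure: an image labelled
# as a PDF attachment, wrapped in a link to a OneDrive download URL.
SAMPLE_HTML = """
<html><body>
<p>Please find attached our purchase order.</p>
<a href="https://onedrive.live.com/download?cid=EXAMPLE0000&resid=EXAMPLE">
  <img src="cid:pdficon" alt="RFQ 8924.pdf">
</a>
<p>Regards,<br>Purchase Department</p>
</body></html>
"""

DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")
FILE_SHARE_HOSTS = {"onedrive.live.com"}  # host named in the advisory


class LinkedImageFinder(HTMLParser):
    """Collect (href, alt) pairs for every <img> that sits inside an <a>."""

    def __init__(self):
        super().__init__()
        self._href = None
        self.pairs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href")
        elif tag == "img" and self._href:
            self.pairs.append((self._href, a.get("alt") or ""))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def find_fake_attachments(html):
    """Return findings for images labelled as documents that link out of the mail."""
    parser = LinkedImageFinder()
    parser.feed(html)
    findings = []
    for href, alt in parser.pairs:
        url = urlparse(href)
        looks_like_doc = alt.lower().endswith(DOC_EXTENSIONS)
        if looks_like_doc and url.scheme in ("http", "https"):
            reason = "image labelled as document links to external URL"
            if url.hostname in FILE_SHARE_HOSTS or "/download" in url.path:
                reason += " on file-sharing download endpoint"
            findings.append({"label": alt, "host": url.hostname, "reason": reason})
    return findings
```

A mail gateway rule built on this check would quarantine or tag such messages for review; a genuine inline attachment is referenced by a MIME part, not by an outbound link.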

NPAV Total Security blocks and protects users from such threats.

Further analysis of the malware by NPAV Lab Malware analysis team identified the malware as a Password Stealer which attempts to steal passwords from various email, browser and FTP applications.

Keep your Net Protector updated to protect from all types of threats.

Phishing is an attack often used to steal user data, including login credentials and credit card numbers. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware.