Spam offering fake Visa benefits, rewards leads to TeslaCrypt ransomware.

Spam related to credit cards is a typical scam observed on a daily basis. Some attempt to fool recipients into giving up their personal information along with their credit card numbers in the form of phishing attacks, while others attempt to lure victims into various online scams.

Image

On the other hand, credit card-related spam campaigns involving malware are not as commonly seen. Recently observed a spam campaign offering fake Visa rewards and benefits as bait to deliver ransomware to recipients’ computers.

The email in this particular campaign purports to come from Visa Total Rewards and provides details about the benefits of using Visa credit cards. Attached to the email is an archive file which poses as a whitepaper containing more information about the supposed rewards and benefits offered by the program. If the recipient opens the attachment, they will see only an attached JavaScript file.

If the recipient is fooled into opening the JavaScript file, the script downloads a variant of the TeslaCrypt ransomware from the specified URL and runs it. A few minutes later, a message is displayed stating that all of the user’s files have been encrypted and payment in Bitcoin is required to decrypt the files.