“Important notification for a Mastercard holder” with trojan disguised as email from Mastercard


After the fake email from Royal Mail regarding detained package a similar trojan distribution campaign appears with more or less the same lay out in the email that targets Mastercard holders with the subject “Important notification for a Mastercard holder”.

MX Lab, http://www.mxlab.eu, started to intercept this emails that are send from the spoofed address “MasterCard” and has the following body:

Important notification for a Mastercard holder!

Your Bank debit card has been temporarily blocked
We’ve detected unusual activity on your Bank debit card . Your UK Bank debit card has been temporarily blocked, please fill document in attachment and contact us

About MasterCard Global Privacy Policy Copyright Terms of Use

© 1994-2013 MasterCard

Screenshot of the email body:

The attached ZIP file has the name MasterCard_D77559FFA7.zip and contains the 131 kB large file MasterCard_info_pdf_34857348957239509857928472389469812364912034237412893476812734.pdf.exe.

The trojan is known as PasswordStealer.Fareit, Trojan-PWS/W32.Tepfer.131072.HS, PE:Malware.Obscure/Huer!1.9E03, Troj/Agent-AFAZ or Trojan.DownLoader9.22851.

At the time of writing, 12 of the 48 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink and Malwr permalink for more detailed information.
SHA256

Follow

Get every new post delivered to your Inbox.

Join 341 other followers

%d bloggers like this: