Bredolab masked as Facebook Password Reset Confirmation


MX Lab detected a new Bredolab variant masking itself as the "Facebook Password Reset Confirmation". The From address in the email is shown as "The Facebook Team <service@facebook.com>" but the real SMTP from address is spoofed. The attachment has the name Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe. the part between _ and .zip at the … Continue reading Bredolab masked as Facebook Password Reset Confirmation