Fake email “Transaction completed” from Barclays contains Trojan.Ransom.ED


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your transaction is completed”.

This email is send from the spoofed address “Barclays.NET” <support@barclays.net>” and has the following body:

Transaction is completed. 8678 GBP has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.
*** This is an automatically generated email, please do not reply ***
Barclays.Net 2013 Corporation. All rights reserved.

The attached ZIP file has the name Payment receipt 1534465.zip and contains the 70 kB large file Payment receipt 8821991.exe (note: file name may vary with each email).

The trojan is known as Trojan.Ransom.ED or Mal/Generic-S.

At the time of writing, 2 of the 54 engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: baa52d35dd98c788729f661c9c9d7b4053fcbdb3083943b9d517b83fe38063a6

One thought on “Fake email “Transaction completed” from Barclays contains Trojan.Ransom.ED

Comments are closed.