Fake email “You have received a new secure message” from JP Morgan Chase contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “You have received a new secure message”.

This email is sent from the spoofed address “Dylan A Scheffel <Dylan.A.Scheffel@jpmorgan.com>” and has the following body:

This is a secure, encrypted message.

Desktop Users:
Open the attachment (message_zdm.html) and follow the instructions.

Mobile Users:
Voltage secure mail is not currently supported on mobile devices. If you experience issues, please access your secure message from a fully functional browser.
Need Help?
Personal Security Image
Your personalized image for: be357ec@betransport.com
This personal security image will appear on secure email to you.
Disclaimer: This email and any attachments are confidential and for the sole use of the recipients. If you have received this email in error please notify the sender.
Email Security Powered by Voltage IBE
Copyright 2013 JPMorgan Chase & Co. All rights reserved

The attached file message_zdm.zip contains the 36 kB file message_zdm.exe.

The trojan is known as Trojan.DownLoader11.53284, Upatre.FN, Troj/Agent-AKUU or HB_Arkam.

At the time of writing, 11 of the 54 AV engines detected the trojan at Virus Total.

Use the Virus Total permalink or Malwr permalink for more detailed information.
SHA256: 25808f5afa8c93d477a954e4a0444b63fbaccac72a56dcd87d252df2606c0e19
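
The body of this message tells the user to open message_zdm.html, while the actual attachment is a ZIP archive holding an executable. The following is an added example, not MX Lab's code, of a mail-filter check for both signs plus the published SHA256; the function names, the extension list and the test message are assumptions constructed for illustration.

```python
import email, email.policy, hashlib, io, re, zipfile
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")
# SHA256 published in this post (the post does not say whether it is the .zip or the .exe)
KNOWN_SHA256 = {"25808f5afa8c93d477a954e4a0444b63fbaccac72a56dcd87d252df2606c0e19"}

def inspect_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings, attached = [], set()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # File names the lure tells the user to open, e.g. "(message_zdm.html)"
    promised = {n.lower() for n in re.findall(r"\(([\w.-]+\.[A-Za-z0-9]{2,5})\)", text)}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        attached.add(name)
        if hashlib.sha256(data).hexdigest() in KNOWN_SHA256:
            findings.append(f"known-bad hash: {name}")
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXEC_EXT):
                    continue
                findings.append(f"executable in archive: {name} -> {info.filename}")
                if info.flag_bits & 0x1:  # encrypted member, cannot be hashed
                    continue
                if hashlib.sha256(zf.read(info)).hexdigest() in KNOWN_SHA256:
                    findings.append(f"known-bad hash: {info.filename}")
    for missing in sorted(promised - attached):
        findings.append(f"body names a file that is not attached: {missing}")
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless placeholder bytes, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message_zdm.exe", b"MZ constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "You have received a new secure message"
    msg.set_content("Desktop Users:\nOpen the attachment (message_zdm.html) and follow the instructions.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="message_zdm.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(inspect_message(build_sample())))
```

The hash check only catches this exact sample; the archive and file-name checks are the ones that carry over to repacked variants of the same lure.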
