Fake email Ocado customer service contains malicious Word file

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your receipt for today’s Ocado delivery”.

This email is send from the spoofed address “Ocado customer services <customerservices@ocado.com>” and has the following body:


Your receipt for today’s delivery is attached to this email. I’ll be delivering your 12:00-14:00 order and, so you’ll know it’s me, I’ll be driving the Lemon van.

Your order doesn’t have any substitutions, everything’s there.

See you later,


A screenshot of the email:

The attached file receipt.doc is a Word file with a malicious macro that will download the trojan.

The malicious Word file is known as LooksLike.Macro.Malware.gen!d3 (v), W97M.Downloader.ACK, W97M.DownLoader.672, W2KM_DRIDEX.XDH or Troj/DocDl-ADW.

At the time of writing, 17 the 56 AV engines did detect the malicious Word file.

Use the Virus Total for more detailed information.
SHA256: 44805663bb4a9593cef0aa693f363dbd60ccf4ce50fe04ed9ce6e96f1ff57212

One thought on “Fake email Ocado customer service contains malicious Word file

Comments are closed.