Hackers Sending Banking Trojans Via Fake Amazon Order Confirmations
Scammers are out with phishing and malspam campaigns in this last-minute rush to make the Christmas deadline.
A new campaign that pretends to be a legitimate order confirmation email from Amazon or Apple is hitting shoppers around the world hard.
The malspam campaign was discovered by the email security company EdgeWave. The fake order confirmations are being sent in emails with subject lines that include “Your Amazon.com order”, “Amazon order details”, and “Your order 162-2672000-0034071 has shipped”.
Once you click on the email, it shows an order confirmation for your item and says that it has been shipped, but without any details of the ordered item or its tracking information. To see more information, you have to click the Order Details button.
After you click the Order Details button, it downloads a Word document named order_details.doc. Once the file is opened, it tells you to click Enable Content in order to view it properly.
When a user clicks the Enable Content button, it executes a PowerShell command that downloads and executes the Emotet banking Trojan on the victim’s computer.
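The Word-to-PowerShell step described above is visible in process-creation logs as an Office application starting a command shell. The following is an added example, not code from EdgeWave or the original article; the event field names, host names and sample records are constructed for illustration.

```python
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Launch traits that raise severity: hidden window, encoded command, web download calls.
RISKY_ARGS = re.compile(
    r"\s-(?:e|ec|enc|encodedcommand)\s|\s-w(?:indowstyle)?\s+hidden"
    r"|downloadfile|downloadstring|invoke-webrequest|net\.webclient", re.I)
DOC_NAME = re.compile(r'[^\\"/]+\.doc[mx]?\b', re.I)

# Constructed process-creation records (field names are assumptions, not a real schema).
EVENTS = [
    {"host": "WS-014",
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "parent_cmd": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\order_details.doc"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell -WindowStyle Hidden -EncodedCommand <constructed-placeholder>"},
    {"host": "WS-020",  # benign: Word starting its print helper
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "parent_cmd": r'"WINWORD.EXE" /n "C:\Users\bob\Documents\minutes.docx"',
     "image": r"C:\Windows\splwow64.exe", "cmd": "splwow64.exe 8192"},
    {"host": "WS-031",  # benign: PowerShell opened from the desktop shell
     "parent": r"C:\Windows\explorer.exe", "parent_cmd": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},
]

def triage(events):
    """Return one finding per Office-to-shell process launch."""
    findings = []
    for ev in events:
        parent = ntpath.basename(ev["parent"]).lower()
        child = ntpath.basename(ev["image"]).lower()
        if parent not in OFFICE_PARENTS or child not in SHELL_CHILDREN:
            continue
        traits = sorted({m.group(0).strip().lower() for m in RISKY_ARGS.finditer(ev["cmd"])})
        doc = DOC_NAME.search(ev["parent_cmd"])
        findings.append({
            "host": ev["host"], "lineage": f"{parent} -> {child}",
            "document": doc.group(0) if doc else None,
            "traits": traits,
            "severity": "high" if traits else "medium",
        })
    return findings

if __name__ == "__main__":
    print(*triage(EVENTS), sep="\n")
```

Only the first record is flagged; the print helper and the shell started from explorer.exe are ignored because the parent/child pair does not match.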
According to the researchers at EdgeWave, the compromised servers used in this campaign are located in Colombia, Indonesia, and the United States of America.
“Interestingly, these other servers are in Houston and Lansing. Playing Dora the Explorer for a moment, we’ve encountered a compromised email server in Colombia sending phishing email with a link to a server in Indonesia that downloads malware which then contacts compromised servers in the United States. The holidays are truly global!”