Cybercriminals using the image of Poczta Polska are spreading malicious software

One of the readers of Niebezpiecznik.pl accidentally came across this incident. The shared e-mail is characteristic of spam campaigns and nothing special is different, except that even today at noon, malware was completely undetectable (FUD) for all antivirus programs - according to the analysis carried out on VirusTotal. Currently, malware is detected by 12 antivirus engines .

The message that was sent to its victims was, as usual, primitive. But what to expect from such attacks? The hyperlink directs the victim to a malicious but confusingly similar (except for the URL address) page belonging to Poczta Polska, where you can track the parcel. The real website is: http://emonitoring.poczta-pol…, false: hxxp: //poczta-s.net/track/index.php

The victim, after rewriting the captcha, is asked to download the attachment, which is packed twice. The second archive contains malware pdf Information about the plot. Trojan written in C ++ injects its malicious code into the svchost.exe process and can download additional malware without any problems (the svchost.exe process is trusted) and spy on the user by sending this information to the defined server .

If by chance you have become a victim of this spam, you have launched a malicious file, check what applications are connecting to the network and thoroughly scan the computer with various scanners. And for the future it is worth remembering the basic principles of security of using e-mail.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.