Fake Western Union Spam leads to Malware

Phishing emails with subject lines naming financial transaction services such as Western Union or PayPal are sent out so routinely that we are used to them and mostly ignore them; our email filters mark them as spam or phishing anyway.

A phishing email usually works like this: the potential victim receives an email telling them to follow a link in the mail to review their bank account, address or something else. These websites are most of the time very good copies of the original website. There the cyber criminals try to capture the victim's login details and TAN codes for their own criminal purposes.

Today we saw something strange in such a spam email, which was sent out in large numbers. It has the subject line “The transfer is available to withdrawl. Western Union.”

The malware authors who spammed out this email attached a .jpg file to it, a file format for pictures. This pseudo-JPG file is in fact a ZIP archive.

This is a bit counterproductive for the cyber criminals, as the recipient has to save the attachment, rename it to .zip, open the archive and execute the malware from there. A guide explaining these steps is missing from the mail, though. Usually, “ease of use” has the highest priority for malware authors – this complicated task won’t lead to many victims for sure!
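A mail filter can catch this mismatch by comparing an attachment's file name with its leading magic bytes. The following is an added example, not code from the original post: the function names, the attachment names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes for the two formats this page is about.
MAGIC = {"jpeg": b"\xff\xd8\xff", "zip": b"PK\x03\x04"}
IMAGE_EXTENSIONS = (".jpg", ".jpeg")

def sniff(data):
    """Return the format name whose magic bytes start the payload, or None."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def find_disguised_archives(raw_message):
    """Report attachments named like JPEG images whose content is a ZIP archive."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if filename.endswith(IMAGE_EXTENSIONS) and sniff(data) == "zip":
            members = []
            if zipfile.is_zipfile(io.BytesIO(data)):
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    members = archive.namelist()  # list names only, never extract
            findings.append({"filename": filename, "members": members})
    return findings

def build_sample_message():
    """Constructed sample: a harmless ZIP attached under a .jpg name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("transfer_details.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "The transfer is available to withdrawl. Western Union."
    msg.set_content("constructed body text")
    msg.add_attachment(buf.getvalue(), maintype="image", subtype="jpeg",
                       filename="transfer.jpg")
    # A payload with a genuine JPEG header, to show real images are not flagged.
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="logo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_disguised_archives(build_sample_message()))
```

Listing the archive members without extracting them lets the filter also flag executable names inside the disguised ZIP.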


