Fake Amazon Invoice Arrives with Locky Ransomware

 Analysis by: Cedrick Ramos

A fake invoice spoofing Amazon Marketplace is spreading Locky ransomware. The email contains a message thanking the recipient for their purchase and refers to an attached invoice as proof of purchase.The attachment contains Locky ransomware which infects the recipient's machine when they open the file.The body also contains legitimate Amazon URLs to help fool recipients of the email. 

Upon investigation, the attachment is already detected as 'Mal_VBSCRDLX'. Cybercriminals often spoof trustworthy or notable companies such as Amazon in their campaigns. Users are always advised to carefully check the emails they receive and be cautious when opening attachments. 
 SPAM BLOCKING DATE / TIME: September 21, 2017 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:3342