Fake Email Invoice Leads to Ransomware-related URLs

 Analysis by: Cedrick Ramos

A spam message that contains ransomware-related URLs has been spotted to make rounds in unsuspecting users' inboxes. The said spam poses to be an email invoice asking the user to click on the URLs to view a PDF copy of his/her personal invoice. Under the guise of the links are ransomware-related URLs that can infect machines. Some variants of this spam also come with malicious HTML attachments.

Furthermore, the email addresses the recipient as a customer who requested the invoice--complete with an overview of the invoice number, date, and amount. In case the user isn't able to open the attachment, the mail even proceeds to include a download link to Adobe Acrobat Reader. The links in the spam message are already detected as Malware Accomplice.

Trend Micro users are protected against this threat. It is always advised to carefully check emails, especially the unsolicited ones, and not click on links and attachments haphazardly.
 SPAM BLOCKING DATE / TIME: September 12, 2017 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:3326