Análisis realizado por: Joachim Capiral

Spammers are at it again in their attempts to infect users with banking trojans using malicious spam campaigns, and this latest one is no different. Our engineers received samples of what appears to be spam trying to trick the user into opening its malicious attachment by insisting that it is a 'confidential document', one that has been encrypted and protected. Instead, when accessed, the document downloads and executes a banking Trojan detected as a variant of TSPY_DYRE.

Users are once more warned against opening any attachment in mails from unexpected senders.

Trend Micro customers are protected from this threat.
 Fecha/hora de bloqueo del spam: 10 de marzo de 2017 GMT-8
 TMASE
  • Motor TMASE: 8.0
  • Patrón TMASE: 934