Analysé par: Fjordan Allego

HSBC customers, and online banking users in general, are targets of phishing and online banking scams always. The spammed message we have seen targeting HSBC users poses as a reply to a supposedly earlier mail request from the recipient. The payment advice that is being referred to in the mail is an attachment, which Trend Micro detects as TROJ_UPATRE.YYSK.

Extracting the attachment leads the unsuspecting user to a file named CashPro, which looks like a PDF file. However, upon further checking, the attachment is actually the UPATRE malware. UPATRE is known to gather computer information. It is also known to download/be distributed with information theft malware such as ZBOT and DYRE.

Trend Micro products effectively blocks this malicious spam and its attachment.

 Spam Blocking Date/Time: : 06 février 2015 GMT-8
 TMASE
  • TMASE Engine: 7.5
  • TMASE Pattern: 1308

Fichier associé