Photos from MJ's Memorial Mask Malware

Written by: Bernadette Caraig

How does this threat get into users' systems?

Spammed messages claiming to contain photos of Michael Jackson’s funeral arrived in users’ inboxes. Clicking the link in these email messages triggered the download of a malicious file detected by Trend Micro as TROJ_DLOADER.ZRC.

How does this threat affect users?

The Trojan stole bank-related information, which could lead to financial losses for affected users.

How does this threat make money for its perpetrators?

The downloaded file that supposedly contained photos of Michael Jackson’s funeral was actually malware that downloaded an information stealer, TSPY_BANCOS.HZ. The stolen information could then be used to steal money from users or be sold to the highest bidders in the underground market.

What is the driving force behind this threat?

As with most data-stealing Trojan spyware, financial gain is the driving force behind this attack. Cybercriminals aimed to steal users' bank-related information such as account numbers and passwords.