Analysis by: Benedict Cyril Villaroman

Another wave of cryptocurrency scams is being delivered via spam. This time, it pressures users to pay in bitcoin. This wave is particularly alarming because of the nature of the message: the sender sends recipients bomb threats. Some samples of the email are below:

Apart from the above, some spam messages use the following subject lines to get recipients to open and read them:

  • My device is inside your building
  • Think twice
  • You don't have much time
  • Bomb is in your building
  • Do not panic
  • Better listen to me
  • keep calm
  • We can make a deal
  • Do not waste your time
  • Rescue service will complicate the situation
  • I offer you a transaction
  • You are responsible for people
  • Your building is under my control
  • Think about how they can help you
  • No need to be heroic
  • Use your time wisely
  • I give you a chance
  • Dont play with me
  • You can avoid problems
  • Dont get on my nerves
  • I advise you not to call the police

Most of the spam messages are coming from IP addresses that appear to be hosted in Russia. Our telemetry reports that most recipients are located in the US, UK, and Germany.

While these messages do not carry a malicious attachment, users should be wary of messages of this nature. Users of Trend Micro products with anti-spam are protected from these messages.
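Because these messages carry no attachment, filtering has to work on the content itself. The following is an added example, not Trend Micro's TMASE logic: a mail-filter sketch that combines the subject lines listed above with a check for a checksum-valid Bitcoin address in the body, since a subject such as "keep calm" is too common to block on alone. It assumes legacy Base58Check addresses only; the function names and the sample messages are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def normalise(subject):
    """Lowercase, drop apostrophes, collapse whitespace."""
    return re.sub(r"\s+", " ", re.sub(r"['\u2019]", "", subject).lower()).strip()

# Subject lines copied from the list above, separated by ';'.
SUBJECTS = {normalise(s) for s in """
My device is inside your building; Think twice; You don't have much time;
Bomb is in your building; Do not panic; Better listen to me; keep calm;
We can make a deal; Do not waste your time;
Rescue service will complicate the situation; I offer you a transaction;
You are responsible for people; Your building is under my control;
Think about how they can help you; No need to be heroic; Use your time wisely;
I give you a chance; Dont play with me; You can avoid problems;
Dont get on my nerves; I advise you not to call the police""".split(";")}

def valid_btc_address(addr):
    """Base58Check test: 25 bytes, last 4 = double-SHA256 of the first 21."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ADDR_RE guarantees ch is in B58
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return len(raw) == 25 and raw[-4:] == check

def classify(subject, body):
    """'block' = listed subject + payable address, 'review' = subject only."""
    if normalise(subject) not in SUBJECTS:
        return "pass"
    if any(valid_btc_address(a) for a in ADDR_RE.findall(body)):
        return "block"
    return "review"

# Constructed samples; the address is the public Bitcoin genesis-block address.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLES = [
    ("Don't play with me", "Send payment to " + GENESIS + " today."),
    ("Keep calm", "The fire drill is moved to 3 pm, see you there."),
    ("Quarterly report", "Figures attached."),
]

if __name__ == "__main__":
    for subj, body in SAMPLES:
        print(classify(subj, body), "-", subj)
```

Messages that land in "review" match a listed subject but contain no payable address, so they are candidates for quarantine rather than outright blocking.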

 SPAM BLOCKING DATE / TIME: 15 December 2018 GMT-8
 TMASE
  • TMASE Engine: 8.2.1000
  • TMASE Pattern: 24290