Analysis by Fjordan Allego

HSBC customers, and online banking users in general, are always targets of phishing and online banking scams. The spammed message we have seen targeting HSBC users poses as a reply to a supposed earlier mail request from the recipient. The payment advice referred to in the mail is an attachment, which Trend Micro detects as TROJ_UPATRE.YYSK.

Extracting the attachment leads the unsuspecting user to a file named CashPro, which looks like a PDF file. However, upon further checking, the attachment is actually the UPATRE malware. UPATRE is known to gather computer information. It is also known to download, or be distributed with, information theft malware such as ZBOT and DYRE.
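A triage check for the masquerade described above, as an added example that is not part of the original analysis or of any Trend Micro product: assuming the attachment is a ZIP archive, it reads each member's leading bytes and flags Windows executables whose names suggest a document. The member name `CashPro.pdf.scr`, the function names and the stub bytes are constructed for illustration.

```python
import io
import os
import zipfile

# Leading bytes identify the real file type, regardless of name or icon.
MAGIC = {b"MZ": "pe-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def sniff(head: bytes) -> str:
    """Classify content by its magic bytes."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member whose content is a PE executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)
            if sniff(head) != "pe-executable":
                continue
            name = info.filename.lower()
            ext = os.path.splitext(name)[1]
            findings.append({
                "member": info.filename,
                "content": "pe-executable",
                # True when the name does not plainly admit to being a program:
                # no executable extension, or a document extension in front of it.
                "disguised": ext not in EXECUTABLE_EXTS or ".pdf" in name,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless stub bytes, not a real executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CashPro.pdf.scr", b"MZ" + b"\x00" * 62)  # PE magic only
        zf.writestr("readme.pdf", b"%PDF-1.4\n% constructed\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```
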

Trend Micro products effectively block this malicious spam and its attachment.

 SPAM BLOCKING DATE / TIME: 06 February 2015 GMT-8
 TMASE
  • TMASE Engine: :
  • TMASE Pattern: 1308

Related File