Analysis by: Fjordan Allego

HSBC customers, and online banking users in general, are constant targets of phishing and online banking scams. The spammed message we have seen targeting HSBC users poses as a reply to a supposed earlier mail request from the recipient. The payment advice referred to in the mail is an attachment, which Trend Micro detects as TROJ_UPATRE.YYSK.

Extracting the attachment gives the unsuspecting user a file named CashPro, which looks like a PDF file. On closer inspection, however, the file is actually the UPATRE malware. UPATRE is known to gather computer information. It is also known to download, or be distributed with, information-stealing malware such as ZBOT and DYRE.

Trend Micro products effectively block this malicious spam and its attachment.

 SPAM BLOCKING DATE / TIME: February 06, 2015 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:1308

Related Malware