Analysis by: Joachim Capiral

We spotted another spam campaign in which the emails try to extort money from the recipient. The spammed message tries to induce fear by convincing users that their information is in the possession of the sender. The body of the email claims that the user's computer has been loaded with a remote access trojan (RAT) or that a pornography site the user has purportedly visited has a virus in it. The email goes on to claim that the sender has a video of the recipient viewing a porn site and will send it to all of the recipient's social network and email contacts.

The cybercriminals then demand payment, via Bitcoin, in exchange for the information on the user. Interestingly, the emails arrive in different languages, depending on the recipient. This is yet another attempt by the criminals to make their scam convincing.

Here we show how the spam mails were primarily distributed across the world:

Top 10 country recipients of the spam email in Arabic

Top 10 country recipients of the spam email in French

Top 10 country recipients of the spam email in Korean

Trend Micro users are protected from this email threat. Users are advised to be extra wary of schemes like this, where emails are crafted to be specific to the recipient. This kind of approach is not novel and has been used in previous campaigns aiming to lure users into sending money. A good rule of thumb is for users not to open or entertain any unsolicited emails.
SPAM BLOCKING DATE / TIME: September 17, 2018 GMT-8
  • ENGINE: 8.0
  • PATTERN: 24102