The use of bogus invoices remains an effective social engineering tactic as seen in the continuous usage of such technique. Recently, we spotted a spammed message written in German language that purports as a notification. It informs users that their invoice is contained in the attached .ZIP file. When users opened the attachment, it executes a malware detected as TSPY_BEBLOH.MJM. This spyware steals information such as IP address, OS version, hardware ID, and socks port among others. It also monitors websites related to financial institutions and steals FTP credentials on the infected system.
Trend Micro protects users from this threat via its Smart Protection Network that detects the spam and malicious file.