Australian airline Qantas has been spoofed by malware operators connected to the Andromeda malware botnet.
Researchers with security firm Trustwave have spotted a series of spam messages claiming to be booking receipts from the airline. The messages inform the user that a flight reservation has been made and a receipt is attached.
When the user attempts to open the file to view the supposed receipt information, the attachment activates and attempts to download a number of additional malware payloads onto the infected system. Among the applications downloaded is a command and control tool which is connected to the Andromeda infection.
Originally discovered in 2011, Andromeda has seen a resurgence in recent weeks, as a series of spam campaigns has been connected to the infection.
“Cybercriminals have been actively spamming out Andromeda loaders for the past year. The spam themes vary from flight, courier, tax, hotel, payroll, invoice, social media, among others,” Trustwave said in its report.
“Most of the time the spam campaigns are very legitimate looking. It may be hard to spot whether it’s a malicious email.”
Andromeda is one of a growing number of botnets that have relied on misleading spam messages to infect users. Posing as official notices from large companies or government agencies, the spam messages often threaten penalty or account loss if users don't open the attached payload or follow a link to an attack site.
Experts advise users to be wary of any claimed official notices or notifications that arrive as unsolicited emails. Users who are unsure about the nature of a notice are advised not to open attachments or links and instead contact a customer service representative.