Friday, June 12, 2015
Amazon Themed Malware Targets Crypto Currency
AppRiver issued a warning about a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations but that actually injects malware, identified as the Fareit malware family. Once unleashed, it begins pilfering the target machine for just about every type of Crypto currency in existence.
Troy Gill, manager of security research at AppRiver confirms, "Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that ‘your order has been confirmed’ and contains a small amount of details. The user being targeted is directed to an attached .doc file for the shipping and tracking details."
In order for the .doc (MD5sum=998692c0e93d4821c069aa96ddff800c) to actually infect the user’s machine they must have Macro’s enabled for MS Word.
Troy continues, "The malware contained in these messages is identified as part of the Fareit malware family. This family of malware is often distributed via Word documents with malicious macros embedded and has been known to drop multiple malware variants on the target machine. In this particular case the malware quickly goes to work attempting to steal the Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera. It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. In addition it begins pilfering the target machine for just about every type of Crypto currency in existence. This behavior (stealing Crypto currency) is something we have been seeing with more frequency as of late. The anonymous nature and lack of regulation in the Crypto Currency market make it more akin to stealing actual cash than to committing wire fraud by raiding someone's online bank accounts. But in this case the cybercriminals are okay with that, too. The last observed behavior was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information."