Victims lured with fake emails from large retailers

Dec 3, 2014 21:57 GMT

Emails that show up in inboxes at this time of the year asking for confirmation of an order rarely raise suspicion, and this is exactly what the operators of the Asprox botnet count on to extend their network.

The attackers pick bait that unsuspecting users are most likely to take, relying on the names of big US retailers to trick recipients into clicking on malicious links.

The current email campaign imitates order confirmation messages from Home Depot, Walmart, Costco, and Target, according to researchers from Malcovery.

Mixed sender names hint at a scam attempt

Although the messages purporting to be from these retailers look different from one another, the researchers have noticed that the sender name is sometimes mixed up. In an email appearing to be from Costco, the crooks used a sender name from Walmart; in an email claiming to be from Target, the sender shows up as Costco.

For users receiving the malicious emails, such mismatches could be a clear indication that something dodgy is going on and could warn them about the risk of clicking on the embedded link.

According to the blog post from Malcovery, the campaign distributed two versions of the malware: one delivered as an attachment and another hosted online and reached via the URL provided in the message, which points to websites compromised for spreading malware.

Two Asprox Trojan versions delivered in the same campaign

After analyzing the samples, researchers concluded that two different command and control servers were used for each version of the malware. They also found that one of the builds was actually an older Asprox Trojan.

Malcovery researcher Gary Warner says that the malicious campaign is expected to evolve, especially since more recent samples include other brands, such as Kroger and Walgreens.

Given that this is the holiday season, people are more likely to fall victim to rogue messages claiming to inform them about product orders. Cybercriminals know this and try to take advantage, but there are ways to determine whether a message is a scam.

Apart from checking the sender address by examining the message source, which is more difficult to do on smartphones, users should first consider whether they really expect any information from the retailer the email appears to be from.

The best way to check if the message is legitimate is to open the website of the brand directly in the web browser rather than launching it from the provided link.
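The sender mix-up and the source check described above can also be applied automatically at a mail gateway or during triage. The following Python code is an added example, not taken from Malcovery or from this article; the brand spelling variants, the rule that the brand must be the second-level label of the sending domain, and the sample messages (which use reserved example domains) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Brand names come from the article; the spelling variants are this example's choice.
BRANDS = {
    "home depot": "homedepot", "homedepot": "homedepot",
    "walmart": "walmart", "wal-mart": "walmart",
    "costco": "costco", "target": "target",
    "kroger": "kroger", "walgreens": "walgreens",
}

# Constructed sample messages (not real campaign mail).
SAMPLE_MIXED = ('From: "Walmart" <orders@shop.example.net>\n'
                "Subject: Costco order confirmation\n\n"
                "Please confirm your order.\n")
SAMPLE_CLEAN = ('From: "Target" <orders@mail.target.example>\n'
                "Subject: Your Target order\n\n"
                "Thank you for your order.\n")

def brands_in(text):
    """Return the canonical brand tokens named in a piece of text."""
    low = text.lower()
    return {canon for name, canon in BRANDS.items()
            if re.search(r"\b" + re.escape(name), low)}

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    labels = addr.rpartition("@")[2].lower().split(".")
    # Assumption: a genuine sender uses <brand>.<tld>, possibly with subdomains.
    sld = labels[-2] if len(labels) >= 2 else ""
    sender_brands = brands_in(display)
    claimed = brands_in(msg.get("Subject", ""))
    findings = []
    if sender_brands and claimed and not (sender_brands & claimed):
        findings.append("display name brand differs from subject brand")
    for brand in sorted(sender_brands | claimed):
        if brand != sld:
            findings.append(f"{brand}: sending domain is {'.'.join(labels)}")
    return findings

if __name__ == "__main__":
    for name, raw in (("mixed", SAMPLE_MIXED), ("clean", SAMPLE_CLEAN)):
        print(name, check_message(raw))
```

The check reads only the From and Subject headers, so it complements rather than replaces opening the retailer's site directly.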
