Malicious archive attached, poses as malware cleaning tool

Feb 23, 2015 17:52 GMT

Researchers at CSIS Security Group have recently spotted a malicious email campaign that uses their organization’s name to lure unsuspecting recipients into deploying malware on their machines.

CSIS is a Danish security company providing security services for some of the largest banks operating at a global level. The company also has a security advisory role for governments, media and businesses.

There aren’t too many details available right now as the investigation into the campaign is still ongoing, but the researchers caught an email that spoofed the company’s address and used the name of Peter Kruse, security expert at CSIS, to distribute a malicious attachment.

Written in English, the message is poorly constructed and contains plenty of grammar mistakes, which should raise suspicion even in a less knowledgeable individual.

It claims that an email sent from the recipient’s address carried malware, that CSIS discovered it, and that the attached tool is designed to clean their machine.

The email sample contains a ZIP archive, 11KB in size, but there is no information on the nature of the malware that it downloads when launched.

CSIS issued an apology to anyone who received the fake message and stated that it was not the author. The company promised to provide more details as the investigation advances and advised recipients to delete the email immediately.