The messages are poorly written, but the attackers seem confident

Apr 17, 2014 08:19 GMT

Starbucks customers might end up with a piece of malware on their computers if they open the files attached to fake Starbucks emails which claim that a friend has sent them a gift.

The emails have been analyzed by experts from Kaspersky. They’re entitled “Starbucks Coffee Company gift from your friend” and they read something like this:

“Your friend just made an order at Starbucks Coffee Company a few hours ago. He pointed he is planning to make a special gift for you and he have a special occasion for that. We’ve arranged an awesome menu for that case that can really surprise you with our new flavors.

In the attachment you can view the whole menu and the address and the exact time you can come and celebrate this day with your friend. He asked to stay anonymous in order to make some mystery and desire to come and enjoy this atmosphere. Have an awesome evening!”

Starbucks does allow customers to gift friends on various occasions. However, these emails have nothing to do with the coffee company. You can tell by the way it’s written that it’s not a legitimate message.

Another indication of the fact that the email has nothing to do with Starbucks is the sender’s email address. The fake notifications are sent out from Yahoo and Gmail accounts. In all cases, they’re sent with “high importance.”

The file that’s attached to the messages is not a menu, but a malicious executable. Interestingly, the cybercriminals have made no effort to mask their true goal. They usually disguise malware as a harmless-looking document or at least place it inside an archive.

This time, the malware is attached directly. As the screenshots provided by Kaspersky reveal, the email client warns users right from the start that it’s a potentially unsafe attachment.
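The indicators described above (the lure subject line, a brand message sent from a free webmail account, the "high importance" flag, and an executable attached directly rather than inside a document or archive) can be turned into a simple mail-triage check. The code below is an added example, not Kaspersky's or Starbucks' own detection logic; the header names, extension list and sample messages are assumptions constructed here:

```python
# Added triage heuristic for the "Starbucks gift" lure described above.
# Indicator lists and header names are assumptions, not vendor detection logic.
from email.message import EmailMessage
from email.utils import parseaddr

FREE_WEBMAIL = {"yahoo.com", "gmail.com"}            # sender domains named in the article
LURE_SUBJECT = "starbucks coffee company gift"        # subject fragment named in the article
DIRECT_EXECUTABLE = (".exe", ".scr", ".com", ".pif")  # assumption: bare Windows executables


def triage(msg: EmailMessage) -> list[str]:
    """Return the indicators that matched; an empty list means none did."""
    hits = []
    subject = (msg.get("Subject") or "").lower()
    if LURE_SUBJECT in subject:
        hits.append("subject matches known lure")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if "starbucks" in subject and domain in FREE_WEBMAIL:
        hits.append(f"brand lure sent from free webmail ({domain})")
    # Mail clients express "high importance" as X-Priority: 1 or Importance: high.
    if str(msg.get("X-Priority", "")).startswith("1") or str(msg.get("Importance", "")).lower() == "high":
        hits.append("flagged high importance")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(DIRECT_EXECUTABLE):
            hits.append(f"executable attached directly: {name}")
    return hits


def build_sample(subject: str, sender: str, filename: str, high_priority: bool = True) -> EmailMessage:
    """Constructed test message modelled on the article's description; not a real capture."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = sender
    msg["To"] = "recipient@example.com"
    if high_priority:
        msg["X-Priority"] = "1 (Highest)"
        msg["Importance"] = "high"
    msg.set_content("Your friend just made an order at Starbucks Coffee Company ...")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    lure = build_sample("Starbucks Coffee Company gift from your friend",
                        "Starbucks <someone@yahoo.com>", "menu.exe")
    for hit in triage(lure):
        print("-", hit)
```

A single matched indicator is only a reason to look closer; a message hitting all four at once is the pattern the article describes.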

However, in case the antivirus that’s installed on the computer doesn’t detect the threat, the victim might be too excited about getting the gift and open the file without giving it too much thought.

The malware is detected by Kaspersky as Rootkit.Win32.Zbot.sapu. This version of the notorious banking Trojan ZeuS is designed to install a rootkit, which makes it more difficult to remove. Then, it starts stealing sensitive information from infected computers.

If you’ve opened one of these attachments, update your antivirus software and run a full system scan to make sure your device is not infected. If the security software finds threats, change your passwords and contact your bank if you’ve been using the computer for online banking.