If you come across an email entitled “Inbound Fax,” “RapidFAX: Inbound Fax” or “RapidFax: New Inbound Fax” in your inbox, don’t open the attachment it contains since it hides a new variant of a Trojan.
The messages, which purport to come from firstname.lastname@example.org, contain information such as MCFID, the time at which it was received, fax number, ANI, number of pages, CSID, and the fax status code.
They only inform recipients that “a fax have been received” and urge them not to reply to the email.
MX Lab experts have analyzed this Trojan distribution campaign and they report that the malware is identified as TR/Dldr.Kryptik.H, Trojan.Generic.8337227, Win32/Kryptik.APZB or Trojan-PSW.Win32.Tepfer.cqaj, depending on the antivirus vendor.
Currently, 24 antivirus solutions are capable of detecting the threat.
This isn’t the only spam campaign that relies on bogus fax messages. Emails pretending to come from eFaxCorporate are also making the rounds these days.