Fake RapidFAX Inbound Fax Emails Spread Trojan

The phony messages trick users into installing a piece of malware

By on December 5th, 2012 22:01 GMT

If you come across an email entitled “Inbound Fax,” “RapidFAX: Inbound Fax” or “RapidFax: New Inbound Fax” in your inbox, don’t open the attachment it contains since it hides a new variant of a Trojan.

The messages, which purport to come from reports@rapidfax.com, contain information such as MCFID, the time at which it was received, fax number, ANI, number of pages, CSID, and the fax status code.

They only inform recipients that “a fax have been received” and urge them not to reply to the email.

MX Lab experts have analyzed this Trojan distribution campaign and they report that the malware is identified as TR/Dldr.Kryptik.H, Trojan.Generic.8337227, Win32/Kryptik.APZB or Trojan-PSW.Win32.Tepfer.cqaj, depending on the antivirus vendor.

Currently, 24 antivirus solutions are capable of detecting the threat.

This isn’t the only spam campaign that relies on bogus fax messages. Emails pretending to come from eFaxCorporate are also making the rounds these days.

1 Comment