In case you’ve shipped a parcel via FedEx, you should be careful if you receive a legitimate-looking email that informs you of the fact that it has been delivered. Cybercriminals are using such notifications to spread malware.
The emails carry the subject line “Track shipments/FedEx” and they contain information on the alleged shipment.
Dynamoo’s Blog reports that the links in these emails point to a website that’s set up to serve an archive file called “track_shipments_FedEx.zip.”
The ZIP contains an executable that has a very long name: “Track_shipments_ FedEx_Office_orders_summary_ results_Delivered_tracking_ number_9384758293431234834312 _idju2f83f9hjv78fh78.doc.exe”
Although it looks like a harmless Word document, in reality, the file is a piece of malware that’s currently detected by 28 of the antivirus engines on VirusTotal. The threat appears to be a Trojan downloader.
If you’ve already clicked on the link and executed the file, scan your computer with an updated anti-malware solution.