Cybercriminals are trying to spread a variant of the Kuluoz malware
In case you’ve ordered something these days from Costco, Walmart or Best Buy, beware of fake delivery failure emails since cybercriminals are using them to spread a piece of malware.According to Malcovery’s Gary Warner, the emails have subject lines that read something like this:
- Express Delivery Failure
- Standard Delivery Failure
- Scheduled Home Delivery Problem
- Delivery Canceling
- Special Order Delivery Problem
- Expedited Delivery Problem
The fake Costco email reads, “Unfortunately, the delivery of your order COS-0097533310 was canceled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.”
The bogus Walmart notifications are similar. They read, “Your order W-008652142 delivery has failed because the address was not specified correctly. You are advised to fill this form and send it back to us.”
In each case, the scam notifications inform recipients that if they fail to reply within one week, they’ll get their money back, but a certain percentage will be deducted since the order was booked for Christmas holidays.
The links from these emails don’t point to a form, but to one of hundreds of compromised websites used by the cybercriminals in this campaign. All of the hijacked sites have been set up to serve an archive file that contains an executable.
The files are named something like “WalmartForm.exe,” depending on the name of the retailer mentioned in the scam notifications. The executable appears to be a harmless document. However, when it’s opened, it unleashes a variant of the Kuluoz malware.
If you come across such emails, make sure the links contained in them point to the retailer’s legitimate website. If you’ve already downloaded and executed the malicious file, scan your computer with an updated antivirus solution.