Shady Ramadan and World Uyghur Congress Emails Found to Carry Malware

As we’ve seen on numerous occasion before, any important topic can be used to create a successful spam campaign. This time the subjects are the Ramadan – the ninth month in the Islamic calendar – and a meeting of the World Uygur Congress – an organization that represents the interest of the Uyghur people.

According to Trend Micro researchers, the Ramadan-themed emails contain .xls files that hide a Trojan (TROJ_MDROP.AIG).

The second set of emails replicate invitations to the upcoming international Uyghur conference in Germany. The invitations carry a piece of malware that’s designed to drop a backdoor capable of creating screenshots, altering files, and even terminate processes.

Fake World Uyghur Congress invitations have been circulating since June, attempting to trick recipients into opening all sorts of malicious elements.

At the time, experts identified a campaign that targeted Mac OS X users.