The Trojan is the same as the one from the fake Booking.com messages

Aug 24, 2012 11:11 GMT

BlackBerry customers should keep an eye out for emails that purport to come from blackberry.com, notifying them that their BlackBerry ID has been created.

The emails, according to Websense Security Labs, look something like this:

Hello,

You’ve created a BlackBerry ID!

To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file. BlackBerry ID is your universal BlackBerry key. Here is what it offers:

- One sign in for all BlackBerry applications, services and websites.
- Automatic transfer of some email accounts and services when you switch smartphones.
- Full access to all features in BlackBerry App World storefront.
- Protection of financial transactions using BlackBerry services.

You can learn more about BlackBerry ID by visiting blackberry.com

The BlackBerry Team

At first sight, the email looks perfectly legitimate. It’s properly written, the links it contains genuinely point to the official BlackBerry site, and it appears to be originating from a standard “do-not-reply” address.

However, the email address of the sender is clearly spoofed (an easy task even for inexperienced spammers), and there’s one more important clue which reveals this notification’s true purpose: the attachment.

The text of the message has been copied from a legitimate email, except for the part in which the recipient is urged to check out the attached file for instructions.

The file in question – BlackBerry_ID9890843_Instruction.zip – actually hides a piece of malware that’s currently flagged as dangerous by only 27 antivirus solutions.

A noteworthy fact is that this particular piece of malware – identified by Kaspersky as Backdoor.Win32.Androm.gi – is the same as the Trojan attached to the Booking.com emails that we reported yesterday.

It’s clear that there’s a massive spam campaign behind these emails and the ones who run it have come up with more than one way to trick users.
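The two clues described above, a spoofed sender and an unexpected archive attachment on an account notification, can be checked mechanically during mail triage. The following Python example is added here and is not code from Websense or the original article; the sample message, its relay domain and header values, and the list of archive extensions are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumption: the page only names .zip

# Constructed sample modelled on the quoted message; the relay domain, header
# values and (empty-archive) payload are made up for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: BlackBerry <donotreply@blackberry.com>
Subject: Your BlackBerry ID has been created
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please follow the instructions in the attached file.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="BlackBerry_ID9890843_Instruction.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the findings for one raw message as a list of strings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # A mismatch alone is weak (bulk senders differ legitimately); it matters
    # together with a failed SPF/DKIM result recorded by the receiving server.
    if env_dom and from_dom != env_dom:
        findings.append(f"sender-mismatch: From={from_dom} Return-Path={env_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        findings.append("auth-fail")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(ARCHIVE_EXTS):
            findings.append(f"archive-attachment: {name}")
    return findings
```

Calling `triage(SAMPLE)` reports all three findings for the constructed message; a message whose envelope and header domains match and which carries no archive returns an empty list.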