Corrupted emails have been attacking Facebook users lately. These emails use the same method as a recent virus aimed at WhatsApp users, and security researchers think that the creators of both spam campaigns are the same.
The emails are fake and they look like an official communication from the popular social network. The main purpose of the spam campaign is to make the users believe that they have received an ordinary voice message.
Similarly to the WhatsApp spam campaign, the subjects of the emails contain a set of random characters , such as: “An audio announcement has been delivered! Lucqmc“, “You got a vocal memo! Fcqw“.
According to the researchers, “These are most likely being used to bypass antispam products rather than identify the user.”
The recipients are urged to download and open an attachment, which contains a malicious executable – a variant of the Nivdort information-stealing Trojan.
As soon as it’s running, the malware will automatically replicate itself into “C:\” directory and add a Windows Registry entry that will allow it to run automatically after each restart or shutdown of the computer.
In addition, by modifying the Windows Hosts file, the fake message aims to prevent users from accessing websites of AV vendors and tries to disable Firewall notifications from the Windows Security Center, with another Windows Registry modification, which may make it difficult to spot and delete.
“In this age of cyberattacks, being exposed to phishing is a destiny for every company, well-known or not. It may not be the most groundbreaking attack method cybercriminals use – but there’s no denying that they’re becoming more clever when crafting their messages,” stated the Director of Technology for Comodo and the Comodo Threat Research Lab, Fatih Orhan.
“More frequently, they’re using ‘too good to be true’ promises and action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and spread the malware.”
