BARTALEX Macro Malware

LabZero

Thread author
Trend Micro researchers have reported in a post a new massive phishing campaign that conveys a malware variant, Bartalex (identified by Trend Micro as W2KM_BARTALEX.SMA).
The threat is typically in the form of an email which refers to a problem with a transaction made through ACH (Automated Clearing House), an electronic network for financial transactions in the United States, which has long been used by companies. The email contains a link that invites you to get "more details" on the issue. The link in turn directs the user to a page of the known cloud storage service Dropbox that contains a Microsoft Word document with explicit instructions (complete with a Microsoft logo) that invite you to enable macros in Office in order to correctly display the document.
Once the user has fallen for the deception and opened the document, malicious code contained in the macro triggers the download of a variant of the well-known banking trojan Dyre/Dyreza (identified by Trend Micro as TSPY_DYRE.YUYCC), which attempts to steal login credentials to sites of various banks and financial institutions from the United States, entering a server controlled by cyber criminals.

Source : http://blog.trendmicro.com/trendlab...rtalex-macro-malware-in-recent-spam-outbreak/