We wrote before about the smart methods of fooling users to do things (execute files) which they would not normally do. Two weeks ago we’ve seen a mass mailing in the German language containing malicious payload pretending to be invoices from Apple and Plus.de.
Cybercriminals are sending again personalized emails in the German language pretending to come from the well-known website Zalando.de (shoes and women accessories) and from the Deutsche Bahn (German Railways).
Same as before, the text is addressed to the recipient of the email directly and it threatens him so that the user opens the ZIP archive and executes the malicious file.
All payloads are detected by Avira software as TR/Jorik.Androm.pqr and HIDDENEXT/Worm.Gen.