Fake emails from debt collecting agency used to spread malware

We wrote more than two months ago about fake emails in German that pretend to come from various well-known online shops and carry attached archives containing malware. The emails claimed that the attached files were invoices the recipient had forgotten to pay. A special characteristic of these emails was, and still is, that they address the recipient by full name.

The latest campaign has changed the tone of the email: it now literally threatens the recipient with legal measures if the invoice (again attached as a ZIP archive) is not paid. The email mentions that the invoice is from the website hardwareversand.de (an online shop for hardware), but it no longer pretends to come from the online shop directly. Instead it claims to come from a debt collecting agency (German: Inkassobüro), a company that specializes in recovering money from customers who didn't pay.


The malware is in an archive called “Mahnung.zip” and the executable file inside is called “mahnung.exe”. This time, all Avira products detect it as the trojan “TR/Dldr.Esitgun.A”.

You should never respond to such letters in any way and never open any attachments coming from suspicious emails. If you ever have doubts about whether you really forgot to pay an invoice, better call a consumer organization near you.

 

Sorin Mustaca

IT Security Expert