Fake financial statements and postal documents lead to fake AV

Fake emails purporting to come from financial institutions and the postal service are currently hitting inboxes, carrying a malicious .exe file disguised as a Word document.

Taking advantage of users’ curiosity, the attachments (named Financial_Statement.exe or Postal_document.exe) are actually a downloader Trojan that, once run, copies itself onto the system, injects itself into svchost.exe, and finally tries to download and install a variant of the fake AV “Security Shield” on the victim’s computer.

According to BitDefender researchers, once that is achieved, the victim is faced with the usual barrage of fake pop-up windows saying that the computer is infected and trying to convince the user to buy the product in order to disinfect the system.

As always, users are encouraged to carefully review unsolicited emails and to avoid following enclosed links or downloading and running attachments. If suspicious about the nature of the downloaded attachments, it is a good idea to run the file through the VirusTotal service.
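
The review of attachments advised above can be partly automated at a mail gateway. The following Python code is an added example, not part of the original article or of BitDefender's analysis: it flags attachments that carry an executable extension or whose content begins with a Windows PE header, whatever name or MIME type the sender declared. The extensions other than .exe, the sample message, its addresses and the stub payload are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly runnable on Windows (the article names only .exe).
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com")

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def flag_executable_attachments(raw_message: bytes):
    """Return (filename, reasons) for each attachment that is, or is named as, an executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Windows ignores trailing dots and spaces in file names, so strip them first.
        if name.lower().rstrip(". ").endswith(EXEC_EXTENSIONS):
            reasons.append("executable extension")
        if looks_like_pe(payload):
            reasons.append("PE header in content")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message that declares its attachment as a Word document."""
    msg = EmailMessage()
    msg["From"] = "statements@bank.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Your financial statement"
    msg.set_content("Please review the attached statement.")
    msg.add_attachment(content, maintype="application", subtype="msword", filename=filename)
    return msg.as_bytes()

# Constructed 68-byte stub (not a working program): 'MZ', e_lfanew = 0x40, then 'PE\0\0'.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    for name in ("Financial_Statement.exe", "Financial_Statement.doc"):
        print(name, flag_executable_attachments(build_sample(name, PE_STUB)))
```

Checking the content as well as the name means a renamed attachment is still caught, while an ordinary document passes untouched.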



