Citibank Paymentech Electronic Merchant Billing Statement Spam Infects Users with ZBot
A new spammed malware campaign targets Citibank Paymentech clients to collect passwords and open backdoors that let remote attackers use compromised systems at will.
This new campaign consists of random e-mails allegedly sent by a Citibank billing department. The messages carry an archive attachment that hides a malicious executable file.
In the body of the message, scammers ask recipients to avoid sending a direct reply and to look instead for contact details in the attached Statement ID (plus a string of random numbers).
Instead of a billing statement, the attachment contains one of the numerous variants of the Zbot malware ready to disable the system’s firewall, snatch passwords and open backdoors so remote attackers can reach and control the compromised machines and download further malware.
Bitdefender detects the attachment as Trojan.GenericKD.973769 and protects its customers from the menace.
Hoax Slayer reported a similar attack against Citi customers.
It’s been barely three months since the last spam campaign targeting Citi customers for sensitive data, which served people e-mails with “You have received a secure message” and was delivered with a dangerous securedoc.zip attachment.
The e-mail message in the current campaign is sloppy and messy, which should give even the untrained eye a sense of distrust and discourage readers from opening the malicious attachment.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on the spam samples provided courtesy of Daniel ICHIM, Bitdefender Spam Researcher.