Threat Encyclopedia

Fake Amazon Invoice Arrives with Locky Ransomware

Publish date: September 21, 2017

ANALYSIS BY

Cedrick Ramos


A fake invoice spoofing Amazon Marketplace is spreading Locky ransomware. The email contains a message thanking the recipient for their purchase and refers to an attached invoice as proof of purchase.The attachment contains Locky ransomware which infects the recipient's machine when they open the file.The body also contains legitimate Amazon URLs to help fool recipients of the email. 

Upon investigation, the attachment is already detected as 'Mal_VBSCRDLX'. Cybercriminals often spoof trustworthy or notable companies such as Amazon in their campaigns. Users are always advised to carefully check the emails they receive and be cautious when opening attachments. 
SPAM BLOCKING DATE / TIME: September 21, 2017 GMT-8
TMASE INFO

  • ENGINE:8.0
  • PATTERN:3342

Featured Stories

Connect with us on