Fake Vodafone Bill Spreads Trojan Malware

By ISBuzz Team
Writer, Information Security Buzz | Aug 03, 2017 08:00 am PST

ESET Ireland is warning Irish computer users to watch out for an email that pretends to come from Vodafone, but carries the Nemucod trojan.

ESET Ireland has come across another widely targeted malicious email. This one pretends to be a bill from Vodafone and claims:

Dear Customer,

You can now take a look and manage your latest Vodafone bill for invoice date 02/08/2017.
Your total bill for this month is £ 263.71

Don’t forget, your line rental is charged a month in advance and calls are charged in arrears

Click here to view your bill

Clicking on the link downloads a ZIP file called “Vodafone bill.zip”, which in turn contains a JavaScript file called “Vodafone bill.js”. Because most Windows users have file extensions hidden by default, many fail to spot that this is a JavaScript file, one of the most common vectors cybercriminals use to deliver their malicious payloads.
Tip: Turn off “Hide extensions for known file types” in your Windows File Explorer Options.
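
A mail gateway or triage script can flag this delivery method without depending on what the user sees in File Explorer. The Python sketch below is an added example, not code from ESET or the original article; the extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs via a script host on double-click.
# Both lists are assumptions for this example, not taken from the article.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Extensions commonly placed in front of the real one (e.g. "bill.pdf.js").
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def risky_members(zip_bytes):
    """Return (name, reason) for each archive member a script host would run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces from file names.
            name = PurePosixPath(info.filename.rstrip(". ")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reason = "script hidden behind decoy extension " + suffixes[-2]
            else:
                reason = "script file " + suffixes[-1]
            findings.append((info.filename, reason))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: LURE mirrors the file name in the article, BENIGN is a control.
LURE = build_sample_zip({"Vodafone bill.js": b"// placeholder, not malware"})
DOUBLE = build_sample_zip({"docs/invoice.pdf.JS": b"// placeholder"})
BENIGN = build_sample_zip({"Vodafone bill.pdf": b"%PDF-1.4 placeholder"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("double", DOUBLE), ("benign", BENIGN)):
        print(label, risky_members(blob))
```

The check looks only at member names, so it works on archives whose contents are obfuscated, as the script in this campaign is.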

The code is heavily obfuscated, but once activated, it proceeds to download the Nemucod trojan, which is then used to download all kinds of further malware, ranging from ransomware to backdoors and banking trojans.

Ireland has been one of the countries worst affected by Nemucod in the past, with a 50,42% detection rate, while the world average was 15,82%. A similar email campaign, using BT as bait instead of Vodafone, was active in May 2017.

ESET Ireland urges caution when receiving emails like these and advises against clicking on unverified links or opening attachments downloaded from them.
Vodafone also offers several online security tips on its website, which can help users spot cybercriminal activity and avoid falling victim to it.
