Pony Malware Being Spread Through Invoice-Themed Email Campaign

Softpedia.com reported on 28th October, 2014 quoting Avast, a security firm, as saying "A fresh email campaign has been spotted which delivers Pony stealer camouflaged as a PDF (Portable Document File) file purporting to hold details of a late invoice.

The notification has dual extension and in fact it is a COM exe file which embraces commands for downloading the malware from a hijacked website after running some un-packaging procedures.

The latest Pony variations feature capabilities to steal crypto-currency wallets which are available on the tainted computers but can also extract crucial information and can also download other malicious families.

Security pundits of Avast scrutinized the website which was hacked and employed by cyber cooks to host the malicious software and detected that other samples of threat were also being hosted. This has been achievable because of a backdoor particularly shaped for this purpose which allowed full access.

Besides this, the examiners observed that the website was employed to place many Pony stealer admin panels on it together with the original installation package.

Researchers of security firm Damballa observed other capabilities in Pony like decoding of passwords saved by a large number of programs from clients of digital currency and FTP managers to online browsers and clients of email.

Avast advise customers to be extremely cautious while seeing an email which tries to convince you to pay money for non-ordered services. This technique of "social engineering" is most likely fake and one should never respond to such emails.

Avast outlines the following tips for SMBs: If you are a server administrator, please secure your server by following the general security advices. You can be hacked and a backdoor can be put in your website which will allow the hacker to upload anything to your website. Hence, you must protect yourself and your visitors!

Moreover, cybercriminals repeatedly use invoice-themed malware campaigns to deliver malware. In December 2013, an email with an attached document was sent asking the recipient to review and approve. Apparently the document was a record of invoice for several thousand dollars and the message in the email suggested that the payment was rejected due to lack of approval and asked the recipient to open the attachment for resolving the issue.

» SPAMfighter News - 11/11/2014