FedEx Spam Mail Leads Users To Install Fake AV

A new spam email pretending to have arrived from FedEx is being discovered in the wild. This spam mail includes a subject line like “FedEX Notifications”.
The mail also carries an attachment which contains details about a supposed delivery. The mail asks the user to extract this attachment.

Upon extraction of the attachment, the user gets a malicious .exe file which has a PDF file icon.

If the user executes this malicious executable inside the zip attachment, it performs the following activity:
– Creates the process SVCHOST.EXE and injects its code.
– Downloads the fake tool file from the url “https://6X.9X.116.16”.

After the download is completed, it installs the FakeAV application. Once installed, it will show a ‘Fake System Repair Alert’ as seen below:

Quick Heal detects the attachment and the installed FakeAV file and protects its users.
We strongly recommend that users do not open such attachments from unknown emails.

Ranjeet Menon

Ranjeet Menon

No Comments, Be The First!

Your email address will not be published.