
Monday 7 December 2015

Malware spam: "Your receipt from Apple Store, Manchester Arndale" / "manchesterarndale@apple.com"

This fake receipt does not come from an Apple Store, but is instead a simple forgery with a malicious attachment:

From:    manchesterarndale@apple.com
Date:    7 December 2015 at 09:43
Subject:    Your receipt from Apple Store, Manchester Arndale

Thank you for shopping at the Apple Store.

To tell us about your experience, click here.
Attached is a file emailreceipt_20150130R2155644709.xls which in the sample I analysed has a VirusTotal detection rate of 6/53.

According to this Malwr report, the attachment downloads a malicious binary from:

steveyuhas.com/~steveyuhas/87tr65/43wedf.exe

This has a VirusTotal detection rate of precisely zero. Those reports indicate network traffic to:

23.113.113.105 (AT&T Internet Services, US)

This is the same IP as seen in this earlier spam run, and I strongly recommend that you block it. The payload is likely to be the Dridex banking trojan.
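As an added example (not part of the original post), a small Python check that flags the indicators listed above in mail metadata and in proxy log lines; the log lines and their "client dest-ip url" layout are constructed here, not taken from the post.

```python
import re

# Indicators quoted in the post above. The attachment name's digits vary
# between spam runs, so only its shape is matched.
BLOCKED_IP = "23.113.113.105"
DOWNLOAD_URL_RE = re.compile(r"steveyuhas\.com/~steveyuhas/87tr65/43wedf\.exe", re.I)
ATTACHMENT_RE = re.compile(r"^emailreceipt_\d+R\d+\.xls$", re.I)
SPOOFED_SENDER_DOMAIN = "apple.com"


def check_message(sender: str, subject: str, attachments: list[str]) -> list[str]:
    """Return the reasons a message matches this campaign (empty list = clean)."""
    reasons = []
    domain = sender.rsplit("@", 1)[-1].lower()
    has_receipt_xls = any(ATTACHMENT_RE.match(a) for a in attachments)
    if domain == SPOOFED_SENDER_DOMAIN and has_receipt_xls:
        # A genuine store receipt would not arrive as a macro-capable spreadsheet.
        reasons.append("apple.com sender with receipt-style .xls attachment")
    if "receipt from apple store" in subject.lower() and has_receipt_xls:
        reasons.append("campaign subject line with .xls attachment")
    return reasons


# Constructed proxy log: "client dest-ip url" (assumed layout, not from the post).
# 203.0.113.50 is a documentation address standing in for the download host.
PROXY_LOG = """\
10.0.0.12 203.0.113.50 http://steveyuhas.com/~steveyuhas/87tr65/43wedf.exe
10.0.0.15 93.184.216.34 http://example.com/index.html
10.0.0.12 23.113.113.105 http://23.113.113.105/
"""


def flag_proxy_lines(log: str) -> list[tuple[int, str]]:
    """Return (line_number, reason) for lines touching the post's IP or download URL."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash on them
        _client, dest_ip, url = parts[:3]
        if dest_ip == BLOCKED_IP:
            hits.append((n, "destination IP on blocklist"))
        if DOWNLOAD_URL_RE.search(url):
            hits.append((n, "known Dridex download URL"))
    return hits
```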

4 comments:

JustinVosDesign said...

I just received it. Deleted it immediately.

Unknown said...

I received this malware today and immediately deleted it.

Not impressed with so-called security on my computer that allows this to happen!!

Unknown said...

I opened the attachment before questioning the validity of the email on my iPad. Am I now at risk, or will Apple software protect me?

Conrad Longmore said...

@Lesley - the version I wrote about impacted Windows PCs only, your iPad should be OK.