Monday, 7 December 2015

Malware spam: "Your receipt from Apple Store, Manchester Arndale" / ""

This fake receipt does not come from an Apple Store, but is instead a simple forgery with a malicious attachment:

Date:    7 December 2015 at 09:43
Subject:    Your receipt from Apple Store, Manchester Arndale

Thank you for shopping at the Apple Store.

To tell us about your experience, click here.

Attached is a file emailreceipt_20150130R2155644709.xls which in the sample I analysed has a VirusTotal detection rate of 6/53.

According to this Malwr report, the attachment downloads a malicious binary from:

This has a VirusTotal detection rate of precisely zero.  Those reports indicate network traffic to: (AT&T Internet Services, US)

This is the same IP as seen in this earlier spam run, and I strongly recommend that you block it. The payload is likely to be the Dridex banking trojan.


  1. I just received it. Deleted it immediately.

  2. I received this malware today and immediately deleted it.

    Not impressed with so-called security on my computer that allows this to happen!!

  3. I opened the attachment before questioning the validity of the email on my iPad. Am I now at risk or will Apple software protect me?

  4. @Lesley - the version I wrote about impacted Windows PCs only, your iPad should be OK.
