AppRiver finds password-protected Zbot malware found in the wild
Cybercriminals are spoofing emails from a legitimate company, Berkeley Futures Limited, and the Zbot malware attached is now in the wild, security researchers have discovered. The attached ZIP file is password-protected so it cannot be scanned with anti-virus or anti-malware software until the user unlocks the file.
Users need to be more aware of cybersecurity issues, because an attached password in the body of the email should be an immediate red flag to Internet users. However, the cybercriminals behind it must find success if they are using the same tactic to compromise users.
The attachment has two files, a fake SCR spreadsheet file and a fake invoice in the form of a PDF. The file attachment is really a RAR file and not a ZIP file - a unique twist on compromising users, because many people have programs to attach ZIP files, but not everyone can open RAR files.