Irish businesses targeted with trojan-carrying fake invoice emails

ESET Ireland has seen an increase in emails with infected attachments that claim to be invoices, tricking unwary businesses into clicking on them and infecting themselves.

Businesses in Ireland should be on the lookout for brief emails with attachments. ESET Ireland has seen many in the past few weeks, with a subject like “Invoice #39601” or “New Purchase Order 3321176” and the content of the email being “Please find invoice 39601 attached” or “Please find attached PO 3321176 for immediate ordering. Please acknowledge/confirm.”

Example email 1

All of these variants aim to get the user to click on the email attachment instinctively, before inspecting the sender or the content. But because these attachments carry malware, clicking on them can infect the user’s computer.

Example email 2

ESET’s antimalware software detects the samples carried by these attachments as Java/Adwind or Java/JRat, remotely controlled backdoor trojans that can make victims’ computers vulnerable to ransomware or other malicious payloads.

More than ever, ESET’s warning “Think before you click!” applies when receiving these emails. Unless the targeted businesses have good security measures in place that can remove infected attachments automatically, the safest way to prevent infection is to avoid clicking on them, delete them, and warn others.
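As an illustration of the automatic attachment screening mentioned above, the following added example (not ESET's code) triages a raw email against the lure pattern described in this post. It assumes the attachment is a Java archive, inferred from the Java/Adwind and Java/JRat detection names since the post does not state the file type; the 200-character "brief body" threshold, the function names and the sample addresses are likewise assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shapes quoted in the advisory: "Invoice #39601", "New Purchase Order 3321176".
LURE_SUBJECT = re.compile(r"^\s*(invoice\s*#?\s*\d+|new purchase order\s*\d+)\s*$", re.I)
MAX_BODY_CHARS = 200  # assumed cut-off for a "brief" email


def is_java_archive(data: bytes) -> bool:
    """True if the bytes are a ZIP container holding a JAR manifest or .class files."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)


def triage(raw: bytes) -> dict:
    """Score one raw message; attachment content decides, not its file name."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    attachments = list(msg.iter_attachments())
    java = [a.get_filename() for a in attachments
            if is_java_archive(a.get_payload(decode=True) or b"")]
    lure = bool(LURE_SUBJECT.match(msg["Subject"] or "")) and len(text) <= MAX_BODY_CHARS
    verdict = "quarantine" if java else "review" if lure and attachments else "deliver"
    return {"verdict": verdict, "lure": lure, "java_attachments": java}


def build_sample(subject: str, text: str, name: str = None, data: bytes = None) -> bytes:
    """Constructed test message (hypothetical addresses), not a captured sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "accounts@example.ie", subject
    m.set_content(text)
    if data is not None:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


def fake_jar() -> bytes:
    """Constructed stand-in for a JAR: a ZIP holding only a manifest, no code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()
```

Because the check inspects the archive contents, a Java archive renamed to look like a document is still quarantined, while a lure-shaped email with any other attachment is held for human review.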

written by Urban Schrott, ESET Ireland
