With malicious intentions of targeting the users across the globe, attackers are reported to be disseminating new dubbed Muncy malware in the form of EXE file through DHL phishing campaigns.
Resorting to malspam emails, DHL phishing is amongst the most far-reaching campaigns which distributed several sophisticated malware. They made it appear legitimate by exploiting the deplorable configuration of SMTP servers and by employing email spoofing techniques.
DHL is a company of global repute which specializes in providing express mail services, international couriers and parcels. The reputation of the well-established company took some hits by the cybercriminals as they abused it to distribute malware.
They did so by configuring the malicious emails to appear to be coming from DHL express. The email comprised of an infected attachment in PDF format.
How the malware is executed?
As soon as the targeted user accesses the PDF attachment, Muncy Trojan file sneaks into the system. Then the packed malware is unpacked and once unpacked it scans the whole C:\ drive for the files containing sensitive data.
Commenting on the matter, Pedro Tavares, Founder, and Pentester at CSIRT.UBI told the GBHackers, “The phishing campaign is trying to impersonate DHL shipment notification and the malware is attached in the email.”
“This malware is on the rise and is affecting user’s in-the-wild while stealing sensitive information from their devices.”