A new spam email pretending to have arrived from FedEx is being discovered in the wild. This spam mail includes a subject line like “FedEX Notifications”.
The mail also carries an attachment which contains details about a supposed delivery. The mail asks the user to extract this attachment.
Upon extraction of the attachment, the user gets a malicious .exe file which has a PDF file icon.
If the user executes this malicious executable inside the zip attachment, it performs the following activity:
– Creates the process SVCHOST.EXE and injects its code.
– Downloads the fake tool file from the url “http://6X.9X.116.16”.
After the download is completed, it installs the FakeAV application. Once installed, it will show a ‘Fake System Repair Alert’ as seen below:
Quick Heal detects the attachment and the installed FakeAV file and protects its users.
We strongly recommend that users do not open such attachments from unknown emails.