There’s a spam campaign going around that masquerades as an email from credit card company Visa talking about its rewards program. It’s a trap and the only rewards you’ll get out of it is a ransomware virus. Here’s what you need to know.
Lots of Visas image from Shutterstock
Credit card related spam email campaigns are nothing new but they don’t usually involve malware. This new malware spam email attack poses as Visa telling customers about rewards and benefits when using its credit cards. The email contains a whitepaper that purportedly has additional information on the rewards program but it’s actually a JavaScript file posing as a document.
Symantec has identified the file as JS.Downloader, a Trojan virus that downloads malicious files from websites, in this case it’s the TeslaCrypt ransomware, and executes them. Within a few short minutes, a user’s computer and files will be locked and held for ransom. Symantec has provided more information on how the ransomware demands payment:
“The ransomware provides more information to victims on a personalized home page and demands a payment of US$500 (or 1.2 bitcoins) within 160 hours of infection in order to unlock the encrypted files. If the transaction is not made within the specified time frame, the price doubles to $1,000. This page provides a contact form that offers assistance in case of payment issues or any other problems the victims may run into. There is also an opportunity to decrypt a single file for no fee to prove that the files can be properly decrypted.”
Image: Example of spam email (from Symantec)
While the attack is predominantly targeting US and UK email users, it has been detected in Australia and other English-speaking regions.
Symantec has advised email users to be vigilant and watch out for emails with JavaScript attachments.
Comments