
Cybercrime, new malspam campaign to spread Avaddon

Cybercrime launches a new worldwide malspam campaign to spread the Avaddon ransomware. The vector is the Phorpiex (Trik) botnet, and the text of the email contains only emoticons and a fake photo.

A new worldwide malspam campaign is distributing a new version of the Avaddon ransomware, CSIRT-Italy cyber security experts report. According to the researchers who discovered it, the carrier for spreading the malware is the Phorpiex (Trik) botnet. The malicious emails consist only of an emoticon and a phrase in the subject line, which induce users to open the attached photo in .zip format (IMG “number” .jpg.js.zip). The attachment is actually a malicious JavaScript file disguised as a .jpg image. Windows hides file extensions by default, which in this case makes the file appear legitimate. Once executed, the file launches PowerShell and Bitsadmin commands that download the ransomware to the %Temp% folder. The files on the computer are then encrypted and the extension .avdn is added.
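The double-extension naming described above (an image extension followed by a script extension, wrapped in a .zip) can be checked at a mail gateway before delivery. The following is an added example, not code from CSIRT-Italy or the original report; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed inline.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
ARCHIVE_EXTS = {".zip"}


def is_masqueraded(name: str) -> bool:
    """True when a script extension directly follows a decoy image/document extension."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    # Ignore a trailing archive extension so "x.jpg.js.zip" is judged as "x.jpg.js".
    while suffixes and suffixes[-1] in ARCHIVE_EXTS:
        suffixes.pop()
    return len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS


def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Return the attachment name and any zip member names that match the pattern."""
    hits = [filename] if is_masqueraded(filename) else []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            hits += [m.filename for m in zf.infolist()
                     if not m.is_dir() and is_masqueraded(m.filename)]
    return hits


def build_sample_zip(member: str) -> bytes:
    """Constructed sample: an in-memory zip holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Flags both the attachment name and the member inside it.
    print(scan_attachment("IMG123456.jpg.js.zip", build_sample_zip("IMG123456.jpg.js")))
    # A genuine image inside an ordinary archive is not flagged.
    print(scan_attachment("photos.zip", build_sample_zip("IMG123456.jpg")))
```

Because the check reads member names from the archive itself, it does not depend on how the recipient's Windows Explorer displays extensions.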
