Which emails can infect you with malware: see some examples here | ESET | Cybersecurity | Mexico | Spain | MH | SPORT GAME

Company Information Security ESET collected examples of malicious emails containing malware that were distributed in Latin America during 2023. These cases allow us to study the tactics used by cybercriminals to defraud people, the types of attachments used, and the distribution of malware. You better check them thoroughly to avoid falling victim to the same thing in the coming months.

Malicious emails often impersonate trusted entities such as banks, government agencies or large companies, and tend to convey a sense of urgency, such as the need to verify details for an imaginary delivery or take advantage of a limited-time offer. Once the user falls into the trap and downloads the attachment, usually in Excel or wordsa malware infection occurs.

ESET analyzes real cases where attackers try to exploit known vulnerabilities in Microsoft Office to download malicious files to victims’ devices. Among the types of malware distributed are remote access Trojans, such as Agent Tesla, AsyncRAT or njRAT. Additionally, the use of email spoofing has been observed, with criminals spoofing legitimate sender addresses to deceive users.

Email spoofing creates the impression that messages are coming from trusted sources, leading users to click malicious links or download infected files. In cases identified ESETCybercriminals impersonate real people who work or have worked for companies, which increases the credibility of the deception and makes it more difficult to initially detect.

Examples of online attacks

Vulnerability CVE-2017-1182: In this case, you will see a purchase order email in Excel .xls format. Analysis of the attached file showed that it is infected with malware, which will take advantage of the CVE-2017-1182 vulnerability to download it onto the victim’s computer. This vulnerability, along with CVE-2012-0143, was the most exploited vulnerability in 2023.

Vulnerability CVE-2017-0199: In this other example, you can see the same mode of operation and the same deception: an attachment simulating participation in the sales process, detailing orders. Impersonates a Mexican company and impersonates one of its real employees. ESET’s analysis of the attached Excel file revealed that it is malware that will exploit the CVE-2017-0199 vulnerability through which it will download a different type of malware onto the victim’s computer.

ESET has also identified other examples of malicious attachments containing an exploit for the CVE-2017-0199 vulnerability. The campaign then downloads a different type of malware onto the victim’s computer. The person mentioned as the sender of the email worked for DHL.

“These campaigns and attempts at deception are widespread in the Latin American region. The evolution of threats and the way hoaxes can be modified to make them more believable means you should always be on guard and wary of unsolicited emails and other forms of communication.”– comments Camilo Gutierrez Amaya, Head of Research Laboratory at ESET Latin America.

How to avoid this kind of deception

• Never download attachments without first checking the authenticity of the sender, which may even be from an address that appears legitimate at first glance.
• Don’t forget that in these cases, malware or information theft scams can also send you a fake link that takes you to a page that appears to be legitimate. Be especially careful when clicking on suspicious links.
• At the organizational and company level, it is extremely important to strengthen security policies and train personnel in best computer security practices.
• Keeping systems up to date and having an appropriate security solution in place is essential to minimizing risks.

This may interest you