Malware Distributors Target Online Holiday Shoppers

Troy Gill

As online holiday shopping gets into full swing, we are on the lookout for holiday-related threats that we should all be wary of.

It’s likely that FedEx alone will deliver hundreds of millions of packages between Black Friday and Christmas Day. With so many people expecting packages at this time of year, the likelihood that they will fall victim to a fraudulent email claiming to be from a major shipper such as FedEx is certainly elevated.

This morning we are monitoring a malicious email campaign that utilizes this social engineering tactic to infect unsuspecting users. The emails are quite convincing to the casual email user.

Though all of the messages look virtually identical, they have some variation in their file attachments. The messages are currently alternating their payloads between the Zbot Trojan and the Adwind RAT. Both are dangerous and should be avoided like Cousin Eddy’s camper.

The Adwind RAT has been quite busy in 2017, with a large surge in activity mid-summer. The Adwind RAT (also known as jRAT, SockRat, AlienSpy and Frutas) is particularly threatening in that it is cross-platform. Adwind is a Java-based Trojan that is capable of infecting not only Windows but also Linux, Mac and even Android. Once the infection has taken place, it can harvest and exfiltrate many forms of data from the victim.

The Zbot Trojan, a.k.a. Zeus, has been at it for the better part of a decade. It has the ability to harvest credentials and has traditionally focused those efforts on stealing banking data, but it has also been seen serving up infections such as the infamous CryptoLocker ransomware.
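The campaign described above combines two signals a mail gateway or analyst can check mechanically: a sender that claims to be a major shipper but does not send from that shipper's domain, and a "delivery notice" that carries an executable attachment (Adwind being Java-based, a .jar file is one such payload). The following is an added triage example, not AppRiver's code or anything from the campaign itself; the shipper domain list, the risky-extension list and the sample messages are constructed for illustration.

```python
"""Triage check for shipper-themed phishing lures (added example).

Assumptions (not from the original post): SHIPPER_DOMAINS and
RISKY_EXTENSIONS are illustrative choices; a real deployment would
source them from policy. The post states Adwind is Java based, which
is why .jar is on the list.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed mapping of brand keywords to the domains we treat as legitimate.
SHIPPER_DOMAINS = {
    "fedex": {"fedex.com"},
    "ups": {"ups.com"},
    "usps": {"usps.com"},
}

# Attachment extensions that should never arrive in a delivery notice.
# .jar covers Java-based RATs such as Adwind; the rest are common droppers.
RISKY_EXTENSIONS = {".jar", ".exe", ".scr", ".js", ".vbs", ".zip"}


def sender_domain(from_header):
    """Extract the bare domain from a From: header (empty string if none)."""
    _, addr = parseaddr(str(from_header or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def claimed_shipper(msg):
    """Return the shipper brand the From/Subject claim, or None."""
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    for brand in SHIPPER_DOMAINS:
        if re.search(rf"\b{brand}\b", text):
            return brand
    return None


def triage(raw):
    """Parse a raw RFC 822 message and report brand/domain mismatch and risky attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    brand = claimed_shipper(msg)
    domain = sender_domain(msg.get("From", ""))
    if brand and domain not in SHIPPER_DOMAINS[brand]:
        findings.append(f"claims {brand} but sent from {domain or '<none>'}")
    attachments = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        attachments.append(name)
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment {name}")
    return {
        "brand": brand,
        "sender_domain": domain,
        "attachments": attachments,
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample lure in the style the post describes (not a real message).
SAMPLE_LURE = b"""From: "FedEx Delivery" <notice@example-lookalike.test>
To: victim@example.com
Subject: FedEx: your package could not be delivered
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached shipping label.
--b1
Content-Type: application/java-archive; name="Shipping_Label.jar"
Content-Disposition: attachment; filename="Shipping_Label.jar"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed benign notice: correct domain, no attachment.
SAMPLE_LEGIT = b"""From: "FedEx" <tracking@fedex.com>
To: customer@example.com
Subject: FedEx shipment update
Content-Type: text/plain

Your package is out for delivery. Track it on our website.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LURE))
    print(triage(SAMPLE_LEGIT))
```

The check is deliberately coarse: it flags for review rather than blocks, and a real gateway would add authentication results (SPF/DKIM/DMARC) and attachment content inspection on top of the filename heuristics.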

If you are shopping online this season, please remember that these sorts of things are circulating constantly. Never open links or download attachments in unsolicited emails.

If you suspect a shipping issue with a package, it would be best to navigate directly to the carrier’s website and use the tracking number that the retailer provided you. If that doesn’t assuage your concerns, then pick up the phone and give them a call.

As usual, our SecureTide customers are protected from all current variants of this threat.
