'Delayed payment confirmation caused by COVID-19' Email Virus

Posted: April 24, 2020

Email fraudsters have been very active since the start of the Coronavirus pandemic, and cybersecurity experts have been reporting dozens of email tactics that focus on stealing money from their victims. However, the 'Delayed payment confirmation caused by COVID-19' email virus is a new tactic that aims to do something else – it asks users to download a file attachment, which contains a corrupted piece of code. If the execution of the code is allowed, the harmful document may deploy a copy of the GuLoader Trojan-Downloader on the compromised host. GuLoader may then be used to deliver secondary payloads such as Remote Access Trojans (RATs), banking Trojans, or infostealers. Needless to say, the 'Delayed payment confirmation caused by COVID-19' email virus can be very damaging to users who do not keep their system protected by an up-to-date anti-virus software suite.

The sender of the 'Delayed payment confirmation caused by COVID-19' email virus pretends to be part of an accounting team and informs the recipients that one of their payments had been delayed due to the COVID-19 outbreak. The message carries on by saying that the issue was resolved and the payment has been dispatched successfully – all details about the transaction can supposedly be found in the file attachment 'Payment_SWIFT.doc.'

The latter file is just a decoy, and it does not contain information about a valid financial transaction. Instead, it is packed with the aforementioned corrupted code that aims to install GuLoader on the compromised system.

If you see a message titled 'Delayed payment confirmation caused by COVID-19' in your inbox, then we advise you to ignore its contents and report the sender's email immediately. You can rest assured that this is not a valid message, and it is part of a fraudulent campaign that is meant to deliver malware to naïve users.
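For mail administrators, the two indicators described above (the subject line and the attachment name) can be checked automatically before a message reaches an inbox. The following is an added example, not code from this page's author; the function names and the sample addresses are hypothetical, and only the subject and file name strings come from the page.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two indicators named on this page, stored normalised.
LURE_SUBJECT = "delayed payment confirmation caused by covid-19"
LURE_ATTACHMENT = "payment_swift.doc"

def norm(text):
    """Casefold and collapse whitespace so case changes or header folding do not evade the match."""
    return re.sub(r"\s+", " ", text or "").strip().casefold()

def triage(raw_bytes):
    """Return the indicators found in a raw RFC 5322 message; an empty list means no match."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # policy.default decodes RFC 2047 encoded-words; a substring match also catches RE:/FW: prefixes.
    if LURE_SUBJECT in norm(msg.get("Subject", "")):
        findings.append("subject")
    # walk() visits every MIME part, so attachments in nested multiparts are checked too.
    if any(norm(part.get_filename()) == LURE_ATTACHMENT for part in msg.walk()):
        findings.append("attachment")
    return findings

def build_sample(subject, filename):
    """Constructed test message (hypothetical addresses, placeholder attachment bytes)."""
    m = EmailMessage()
    m["From"] = "accounts@sender.example"
    m["To"] = "user@recipient.example"
    m["Subject"] = subject
    m.set_content("Details are in the attachment.")
    m.add_attachment(b"placeholder, not a real document",
                     maintype="application", subtype="msword", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("RE: Delayed Payment Confirmation caused by COVID-19", "Payment_SWIFT.doc")
    print(triage(raw))
```

A message that matches either indicator is a candidate for quarantine and reporting; matching on exact strings will miss variants of the lure that change the wording or rename the attachment.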
