As the Lower Saxony State Criminal Police Office reports, emails with malware attached are currently being sent again!

These emails have been circulating on the internet every day for over 3 years now. We regularly warn here in the guide about the danger of counterfeit invoices that carry malware.
Now we have again noticed a massive increase in these emails. The type of presentation and the claim have remained almost the same.

The email recipients are personally addressed by name. It is alleged that a payment could not be recorded correctly. Failure to pay will result in a reminder being issued/submitted to court. The complete cost breakdown can be found in the attached appendix.

However, the attachment, usually a ZIP file, contains malware! This should under no circumstances be opened.

The malware is typically designed for Windows users and should have no impact on non-Windows systems. However, since there are different variants of these emails in circulation, the attachment should generally not be opened on any device.

In the cases handled so far involving these emails, the attachments have always turned out to be Trojans. When the emails were analyzed, Kaspersky Total Security reported a Trojan detection.

A quick check of the malware showed that not all of the anti-virus products used in the scan recognized the danger, several well-known vendors among them.

The perpetrators use various return addresses and company names. Some of these are the names of real companies, which the perpetrators simply misuse.

Here are some examples:

  • Bank-Pay AG [email protected]
  • OnlinePayment AG [email protected]
  • Paydirect GmbH [email protected]
  • Paydirect Co. KG [email protected]
  • OnlinePayment Limited & Co. KG [email protected]
  • Directpay GmbH [email protected]
  • Online Pay GmbH [email protected]
  • GiroPay Co. KG [email protected]
  • Sofortüberweisung eG [email protected]

Typical subject lines:

1) Direct debit could not be made
2) Automatic direct debit could not be carried out
3) Your specified checking account does not have sufficient funds
4) ...unpaid invoice booking...
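An added example, not part of the original article: a mail-gateway style triage check built on the indicators described above (payment-themed subject line, ZIP attachment). The extension list, the verdict names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases from the subject lines listed in the article, as worded on this page.
SUBJECT_RE = re.compile(
    r"direct debit could not be (made|carried out)|sufficient funds|unpaid invoice", re.I)
# Assumption: extensions that execute code on Windows when double-clicked.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".lnk")


def risky_members(data: bytes) -> list:
    """Names of executable-type archive members; nothing is extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # fail closed on malformed archives


def triage(raw: bytes) -> str:
    """Return 'quarantine', 'review' or 'deliver' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    lure = bool(SUBJECT_RE.search(str(msg["Subject"] or "")))
    zips = [p.get_payload(decode=True) or b"" for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".zip")
            or p.get_content_type() == "application/zip"]
    if any(risky_members(z) for z in zips):
        return "quarantine"
    return "review" if lure and zips else "deliver"


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: ZIP attachment with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "harmless placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Unfortunately your transfer could not be recorded.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="statement.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Direct debit could not be made", "statement.pdf.exe")))
```

A ZIP that holds an executable-type file is quarantined regardless of subject, since the article notes that several variants of these emails are in circulation.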

Example texts:

We expect payment to our bank account by May 31, 2018. If no payment is recorded by the specified date, we will be forced to submit your claim to a court. You will be responsible for all associated costs.

  • Dear xxxxxx xxxxxxxxx,
    unfortunately your transfer to GiroPay Co. KG could not be recorded.
    We are once again asking you to pay the outstanding amount immediately by June 28, 2018. If we do not confirm payment by the specified date, we will be forced to submit your claim to a court. All associated costs will be borne by you. The detailed receivables issue number xxxxxxxxxx, from which you can see all bookings, can be found in the appendix.
    Due to the ongoing payment arrears, you are also forced to bear the resulting costs of 5.56 euros. In order to avoid additional reminder costs, we ask you to transfer the amount due to our account.
    All bookings up to June 22, 2018 were taken into account. If you have any questions, we expect to be contacted within three working days. With kind regards, GiroPay Co. KG
  • Dear xxxxxx,
    unfortunately your payment to Sofortüberweisung eG could not be recorded.
    We expect the entire transfer plus fees to be transferred to our checking account by June 29, 2018 at the latest. If we are unable to see payment by the specified date, we will be forced to submit your reminder notice to a court. All associated costs will be borne by you. A complete cost statement number 552044870, from which you can see all bookings, is enclosed.
    Due to the ongoing late payment, you are also obliged to pay the resulting fees of 6.35 euros.
    In order to avoid additional costs, we ask you to transfer the amount due to our account. All bookings received up to June 21, 2018 were taken into account. If you have any questions, we expect to be contacted within 24 hours. Kind regards, Sofortüberweisung eG
  • Dear xxxxxx,
    unfortunately your transfer to OnlinePayment Limited & Co. KG could not be recorded.
    We hereby ask you again to pay the outstanding amount immediately by June 27, 2018. If no payment is recorded by the specified date, we will be forced to submit our claim to a court. Any associated additional costs will be borne by you. The detailed claim number 924390873, from which you can see all bookings, is attached.
    Due to the outstanding payment, you are also obliged to pay the resulting fees of 7.36 euros. In order to avoid additional reminder costs, we ask you to transfer the outstanding amount to our account.
    All payments received up to June 22, 2018 were taken into account. If you have any questions, we expect to be contacted within three days. With kind regards, OnlinePayment Limited & Co. KG

If you have already run the file on your Windows computer, you should immediately check it for malware.

In the meantime, avoid logging into sensitive services (shopping, email, online banking…). A possible consequence of the malware can also be ransomware. In the worst/ideal case, reinstalling Windows also makes sense, as it can never be said exactly where remnants of the malware might be. If possible, back up personal data.

We also recommend filing a report with your local police station.

Sources:

LKA Lower Saxony: Facebook
LKA Lower Saxony: Website
