
Beware: Upatre Malware Spreads Through Fake ADP Invoices and Fiserv Documents

Posted: January 16, 2014

Upatre, an aggressive Trojan downloader that silently installs other threats without any indication to the computer user, is the latest culprit in two new spam campaigns that use fake ADP invoices and fake Fiserv documents to deliver additional malware.

It is not uncommon for hackers and cybercrooks to impersonate well-known companies in an aggressive spam campaign. ADP, one of the most widely used payroll and payment services providers, is the target of a new spam campaign that spreads the Upatre malware. A second campaign uses fake Fiserv documents, claiming to come from Fiserv, the financial technology services provider, to spread Upatre as well.

The fake ADP messages claim to carry an invoice and ask the recipient to print the attached label, fill in the form and send it to payroll.invoices@adp.com. The attachment is a Zip file named Invoice_ADP_3164342.zip containing the files that load Upatre on any vulnerable PC. Once loaded, Upatre runs in the background and downloads additional malware onto the system without alerting the user to any questionable activity.

The fake Fiserv message disguises the malicious file as FSEMC.Debra_Drake.zip, a password-protected archive, and asks the recipient to use the password included in the message to open the attachment and read a message from Debra_Drake@fiserv.com. Password-protecting the archive is a deliberate trick: an e-mail gateway scanner cannot inspect encrypted contents, so the attachment reaches the inbox with only the victim standing between it and execution.

Fortunately, most antivirus and antispyware applications are able to detect the malware delivered by these attachments. So far the samples involved have been identified as Gen:Variant.Strictor.49180 and Gen:Variant.Zusy.79270 (Bitdefender), Win32/TrojanDownloader.Waski.A (ESET), TrojanDownloader:Win32/Upatre.A (Microsoft) and Trojan.Zbot (Symantec). These names cover both the downloader itself (Waski and Upatre.A are vendor names for the same downloader) and the payload it fetches: Trojan.Zbot is Symantec's name for the ZeuS banking Trojan, which targets financial information so it can be sent back to the cybercrooks running the fake ADP and Fiserv campaigns.

Avoiding infections from spam campaigns like these comes back to the standard advice: never trust an e-mail from an unknown sender, and be especially wary of Zip attachments. A Zip archive can contain anything, including an executable disguised as a document, so treat an unexpected one as malicious unless you are certain of the sender and why it was sent. Two simple checks close off both lures described here: compare the actual sender address with the company the message claims to represent, and never open a password-protected archive whose password arrives in the same message.
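As an added example that is not part of the original article, the following Python script turns that advice into mail-gateway triage logic: it parses an inbound message, lists each Zip attachment's directory without extracting anything, and flags password-protected members, executable members and double extensions, and it flags any message whose body cites adp.com or fiserv.com while the sender's domain is something else. The sample messages, the sender domains (adp-payroll.example, fiserv-docs.example, victim.example), the body text and the executable member names inside the archives are constructed stand-ins; the article itself names only the attachment file names and the two reply addresses.

```python
import email
import io
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly. An "invoice" zip carrying one of these is the
# Upatre delivery pattern; a double extension such as .pdf.exe hides it behind a
# document icon.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}

# Brand domains the two campaigns in the article impersonate.
IMPERSONATED_DOMAINS = ("adp.com", "fiserv.com")


def zip_findings(blob: bytes) -> list:
    """Inspect a zip attachment's central directory without extracting anything."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip"]
    findings = []
    for info in zf.infolist():
        base = info.filename.rsplit("/", 1)[-1]
        parts = base.lower().split(".")
        if info.flag_bits & 0x1:  # general-purpose flag bit 0: member is encrypted
            findings.append(f"password-protected member {base}")
        if len(parts) >= 2 and "." + parts[-1] in EXECUTABLE_EXTS:
            findings.append(f"executable member {base}")
            if len(parts) >= 3:
                findings.append(f"double extension on {base}")
    return findings


def triage(raw: bytes) -> list:
    """Return the reasons to quarantine a raw RFC 822 message; an empty list means clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].lower().rsplit("@", 1)[-1]
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    # A message that tells you to reply to @adp.com but was not sent from adp.com
    # is impersonating the brand, whatever the display name says.
    for dom in IMPERSONATED_DOMAINS:
        cited = re.search(r"\b" + re.escape(dom) + r"\b", body, re.I)
        if cited and sender_domain != dom and not sender_domain.endswith("." + dom):
            findings.append(f"body cites {dom} but sender domain is {sender_domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            findings += [f"{name}: {f}" for f in zip_findings(part.get_payload(decode=True))]
    return findings


# Constructed samples below are stand-ins, not captured campaign data.

def _set_encrypted_flag(blob: bytes) -> bytes:
    """Simulate a password-protected archive by setting flag bit 0 in every local
    header (PK\\x03\\x04, flags at +6) and central header (PK\\x01\\x02, flags at +8).
    zipfile cannot write encrypted members, but it lists them, which is all triage needs."""
    out = bytearray(blob)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", out, pos + off)
            struct.pack_into("<H", out, pos + off, flags | 0x1)
            pos = out.find(sig, pos + 4)
    return bytes(out)


def make_zip(members: dict, encrypted: bool = False) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:  # STORED: no stray PK bytes
        for name, data in members.items():
            zf.writestr(name, data)
    return _set_encrypted_flag(buf.getvalue()) if encrypted else buf.getvalue()


def make_mail(sender: str, subject: str, body: str, zip_name: str, zip_blob: bytes) -> bytes:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "payroll@victim.example", subject
    msg.set_content(body)
    msg.add_attachment(zip_blob, maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()


ADP_LURE = make_mail(
    '"ADP Invoices" <payroll.invoices@adp-payroll.example>', "Invoice ADP 3164342",
    "Print the attached label, fill in the form and send it to payroll.invoices@adp.com.",
    "Invoice_ADP_3164342.zip",
    make_zip({"Invoice_ADP_3164342.pdf.exe": b"MZ stand-in bytes, not a real binary"}),
)
FISERV_LURE = make_mail(
    '"Debra Drake" <Debra_Drake@fiserv-docs.example>', "Secure document",
    "Use the password in this message to open the attached file from Debra_Drake@fiserv.com.",
    "FSEMC.Debra_Drake.zip", make_zip({"Fiserv_message.exe": b"MZ stand-in bytes"}, encrypted=True),
)
BENIGN = make_mail(
    "accounts@victim.example", "Q4 summary", "Quarterly summary attached.",
    "q4.zip", make_zip({"q4_summary.pdf": b"%PDF-1.4 stand-in bytes"}),
)
```

Running `triage()` over the three samples quarantines both lures (brand mismatch plus an executable member for the ADP mail; brand mismatch, a password-protected member and an executable member for the Fiserv mail) and passes the benign message. The directory listing is read from the central directory only, so the archive's contents are never unpacked on the scanning host, and the encrypted-member check works even though the scanner cannot see inside those members.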
