Analyse vonFarrel Moje

We spotted a spam run that could potentially leave user systems infected with a variant of FAREIT malware (detected as W2KM_FAREIT.BM). FAREIT is a known for stealing credentials stored in web browsers and email clients among others. The spammed email bore the subject Stamp needed, and informed users that they need a stamp on an invoice before they can supposedly pay them. It has a .DOC file attachment that when opened, a macro embedded in the said document triggers the execution of W2KM_FAREIT.BM.

Trend Micro protects users via detecting the spam and malicious macro. We recommend that users be wary when opening this type of email. It is also best to install a security solution that can detect spammed messages such as this.

 Spam gesperrt am/um:: 14 Januar 2016 GMT-8
 TMASE
  • TMASE Engine::8.0
  • Patrón TMASE: 2066