Fake January Invoice Spam Comes with FAREIT

We spotted a spam run that could potentially leave user systems infected with a variant of FAREIT malware (detected as W2KM_FAREIT.BM). FAREIT is a known for stealing credentials stored in web browsers and email clients among others. The spammed email bore the subject Stamp needed, and informed users that they need a stamp on an invoice before they can supposedly pay them. It has a .DOC file attachment that when opened, a macro embedded in the said document triggers the execution of W2KM_FAREIT.BM.

Trend Micro protects users via detecting the spam and malicious macro. We recommend that users be wary when opening this type of email. It is also best to install a security solution that can detect spammed messages such as this.

• TMASEエンジン:8.0
• TMASEパターンバージョン:2066