Beware of the latest scam that disguises itself behind an “Endesa electronic invoice”

They discover a new Trojan that is reaching several Spanish users in the form of an email that is disguised under a template of what it claims to be an “Endesa electronic invoice”.

In recent years, we have seen a tremendous boom in banking Trojan campaigns that arrive in multiple forms and formats, although the most recurrent is from email. During its analysis of Spanish users, ESET has discovered a Trojan belonging to the Grandoreiro family, one of the most active in the last two years.

The trap of this attack is that it poses as one of the most important electricity companies in our country, Endesa, with one of the aspects that is generating the most commotion, such as the electricity bill. Despite the fact that the template itself is not very elaborate, the “Endesa electronic invoice” issue is the hook that makes people fall for the scam.

As always when we doubt the legitimacy of an email, we have to look if it has some kind of error. In the case of this campaign, we can see that the message identifier does not match the Endesa domain, revealing that it is a malicious email.

Regarding the infectious file, the email is attached with an MSI file that is supposed to be the invoice itself. Opening it causes the initial infection and cybercriminals are automatically notified that the first phase, that is, the infection, has already started.

When downloading the file, it seems that it is a ZIP extension, however, this file contains the payload of the banking Trojan. The company has reported a rise in this particular attack among many Spanish users, so it is important to be vigilant and take a good look at who is not sending the email.

See also  There is talk of a rebellion in the Complutense against Begoña Gómez and of those guilty of the failure of Irene Montero

If you are not an Endesa customer, do not even think about opening or downloading what is supposed to be an invoice, while, if you are, do the pertinent checks, compare with other emails that have been sent to you before and if you are still in doubt, do not click on it, because if it really is an invoice that you have to pay, you can be sure that they will contact you again.

Loading Facebook Comments ...
Loading Disqus Comments ...