Email titled “My New Photo ;)” actually Contain Malware – A .Zip file has an attachment Supposedly containing the promised image.

Summary:

Hackers, in their latest spree, are spreading fake emails with a much alluring subject “My New Photo ;),” which in reality contains a malware. There is a .Zip file harbouring the photo in a .exe file. When the allured user opens it, it immediately installs a malware on the desktop or computer. Hackers have employed really advanced social engineering skills to make at least a few curious recipients enticed enough to open the attachment.

email-titled-my-new-photo-actually-contain-malware

Detailed Analysis:

The mail that has lately been hitting inboxes of users from across the world contains a very attractive subject “My New Photo;).” This brief subject line along with the “wink” smiley appears to be very interesting. Inside the mail, the message of the subject line is repeated and people are invited to share their own picture if they like the attached image.

In reality, these types of emails have an attachment titled photo.exe and the alleged sender is a female having a very common name like Sarah, Emily, Lucy and Mary. In some emails there is a surname “love” used with the first name but in many emails just the first name is given.

Attachment in the Email Contains Trojan

As soon as the user (especially those having little to no privacy and desktop security knowhow) opens the file a Trojan gets installed and it immediately creates links to serves being controlled by hackers. Resultantly, many new malware will automatically be transferred and your browser will be redirected to websites you may not wish to visit.

A Very Smart Social Engineering Trick Indeed!

Hackers, with this attack, hope to exploit natural human characteristics of curiosity and desire for tricking unsuspecting users into opening the attached file.

The suggestive smiley and usage of female names can easily compel naïve and somewhat forever hopeful male users towards clicking the file just to view the promised salacious image.

To many users, such simple social engineering tricks may appear transparent because these tend to be really effective. This is why everyday people from around the world complain about their computers getting infected due to fake campaigns some of which ask you to open attachments whereas some provide URLs to be followed.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.