A malware botnet capable of spoofing the confirmation pages for ecommerce sites is targeting US shoppers in the run-up to Christmas, according to Malcovery Security.
ASProx spreads itself by telling victims that their order is ready to be picked up at a local store, including a link to a malicious website that drops malware onto the person’s system, or an email attachment used for the same end.
Gary Warner, CTO at Malcovery, said: "We were able to demonstrate that this spam message is the newest look and feel of the long-running ASProx botnet that has most famously spent the year delivering EZ-Pass Malware [targeting an electronic toll system] and Court Notice malware."
"We were also able to identify that the same ASProx botnet was currently spamming emails imitating [US retailers] Home Depot, Walmart, Costco, and Target."
While the emails appeared convincing, and included company branding, sender names and emails were not correlated to the relevant sites, meaning that an email imitating one company might be addressed from another.
The two methods of dropping malware (by link or by attachment) were also found to be linked to different command and control (C&C) infrastructure, which are used by hackers to issue malware with instructions and create a botnet.
Warner added that the malware was evolving, with newer version of the campaign targeting other US retailers like The Kroger Company and Walgreens.
Content from our partners
