The more things change, the more they remain the same. Cybercriminals are still using various news events as bait to get users to read their emails and install malware. Proof: we received email samples that used Ramadan and an upcoming conference as themes, all to lure users into downloading and executing the malicious attachments.
Ramadan-Themed Messages Carry Malicious Files
With the recent observance of Eid ul-Fitr, which marks the end of the Muslim holy month of Ramadan, certain attackers crafted Ramadan-themed messages to take advantage of the event. We found two email variants that contain .XLS attachments verified to be malicious (detected by Trend Micro as TROJ_MDROP.AIG).
The sender address contains the word “Uyghur” and is likely a spoofed email address created by the perpetrators to make the message appear to come from the World Uyghur conference. The malware associated with this email is under analysis.