Trojan Attack Masked as Payment Confirmation

A sophisticated attack is leveraging the ability to evade detection with the use of a rapidly changing Trojan attack pattern, according to researchers at GreatHorn. The research team identified what it called a widespread Trojan pattern that uses multiple different subject lines, email content, email addresses, display name spoofs and destination URLs to disguise itself as a confirmation on a paid invoice. The lack of consistency found in a typical volumetric attack makes this particular threat sophisticated because it is more difficult for email security tools to identify and block, researchers said. The researchers have not been able to identify any patterns to the targets in terms of specific departments or functions within an organization. In addition, the Trojan appears to be using email addresses from compromised accounts in some cases, while in others the threat spoofs the name of an employee in the target company or uses an unrelated name combined with the email address of a compromised account.