We recently detected a widespread attack on one of our customers. Within an organization of 7,000 employees, 229 users received the same email.

In these attacks, the user first receives an email from an external source regarding a request for an updated Statement of Account.

In the email, the user is asked to open an attached .gz file that contains a malicious .exe file.
The attacker tried to label the file as a Word document so the user would not suspect anything.
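A mail filter can check for this mismatch. The following is an added example, not code from the original post or from the vendor's product: it reads the filename stored in the gzip header and the first bytes of the decompressed content, then flags a PE executable behind a document-like name. It assumes the "Word document" label appears in the filename; the function names, the marker list and both samples are constructed for illustration.

```python
import gzip, io, zlib

DOC_MARKERS = (".doc", ".docx", ".rtf")   # assumed: names that suggest a Word document

def gzip_member_name(data):
    """Original filename from the gzip header (FNAME field), or None."""
    if len(data) < 10 or data[:3] != b"\x1f\x8b\x08":
        raise ValueError("not a gzip stream")
    flags, pos = data[3], 10
    if flags & 0x04:                       # FEXTRA: 2-byte LE length + payload
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if flags & 0x08:                       # FNAME: NUL-terminated Latin-1
        return data[pos:data.index(b"\x00", pos)].decode("latin-1")
    return None

def inspect_gz_attachment(attachment_name, data):
    """Flag a .gz attachment whose content is a PE file behind a document-like name."""
    inner = gzip_member_name(data)
    # Decompress only the first two bytes; wbits=31 selects the gzip wrapper.
    head = zlib.decompressobj(wbits=31).decompress(data, 2)
    is_pe = head == b"MZ"                  # DOS/PE executables start with "MZ"
    names = [n.lower() for n in (attachment_name, inner) if n]
    doc_label = any(m in n for n in names for m in DOC_MARKERS)
    return {"inner_name": inner, "is_pe": is_pe, "doc_label": doc_label,
            "suspicious": is_pe and doc_label}

def make_sample(inner_name, payload):
    """Build a constructed gzip attachment in memory (no real malware involved)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf) as gz:
        gz.write(payload)
    return buf.getvalue()

# Constructed samples: an "MZ" stub padded with zeros, and an OLE2 (legacy .doc) header.
FAKE_EXE = make_sample("Statement_of_Account.doc.exe", b"MZ" + b"\x00" * 64)
REAL_DOC = make_sample("Statement_of_Account.doc",
                       b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64)

if __name__ == "__main__":
    for name, blob in (("Statement.doc.gz", FAKE_EXE), ("Statement.doc.gz", REAL_DOC)):
        print(name, inspect_gz_attachment(name, blob))
```
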

Once the user opens the file, the malware installs itself, and from that point on the hacker has control of the machine and… MUHAHAHA.

This campaign was caught by our Threat Intelligence engine.