Fake Lufthansa Ticket Reservation Plants Spyware on Germans’ PCs
Travelers who plan to fly Lufthansa on Nov. 4 may fall victim to the latest malicious spam wave to hit the Internet, as criminals seek to deploy spyware on their systems.
A lengthy fake message notifies travelers they have been issued an electronic ticket and invites them to check in online in advance using the flight data in the attachment.
Disguised as a PDF file with flight information, the attachment in fact hides a dangerous Trojan (identified by Bitdefender as Trojan.Agent.BASC).
Once accessed, the Trojan deploys spyware on the compromised system. It seeks to steal system data and user credentials by keeping an eye on users’ network activities.
Browser-related credentials for Internet Explorer, Mozilla Firefox and Google Chrome and e-mail login data are other key points of interest. The Trojan monitors e-mail clients including Outlook, The Bat and Windows Live Mail, and also looks for FTP credentials.
The collected data is sent to remote servers controlled by attackers. From these C&C servers, the malware retrieves further instructions, including commands to download and run files, remove itself from the system or update its code.
Fraudsters used Lufthansa as part of their con to piggyback on the good reputation of the company, which is one of the largest airlines in Europe with hundreds of destinations across the globe. The popularity of the company means more possible victims for the scammers.
Never open e-mail attachments delivered by messages you haven’t requested. Double-check the sender’s address and, if you don’t recognize it, delete the message at once.
If you receive a message from an airline and are not sure it’s legit, call the company or pay them a visit to check the validity of the claim.
Use an antivirus and keep all your software up to date.
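The attachment advice above can also be enforced at the mail gateway. The following is an added example, not part of the original article or of Bitdefender's analysis: it flags any attachment labelled as a PDF whose bytes do not begin with a PDF header. The article does not say how the attachment was disguised, so the sample message, addresses and file names are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"
# Leading bytes of content that should never sit behind a PDF label.
SUSPECT_MAGIC = {b"MZ": "Windows executable (PE)", b"PK\x03\x04": "ZIP archive"}

def claims_pdf(part):
    """True if the file name or the declared MIME type presents the part as a PDF."""
    name = (part.get_filename() or "").lower()
    return ".pdf" in name or part.get_content_type() == "application/pdf"

def triage(raw_message: bytes):
    """Return (filename, verdict) for every attachment that claims to be a PDF."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if not claims_pdf(part):
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(PDF_MAGIC):
            verdict = "ok: PDF header present"
        else:
            kind = next((label for magic, label in SUSPECT_MAGIC.items()
                         if data.startswith(magic)), "unknown content")
            verdict = f"mismatch: {kind}"
        findings.append((part.get_filename(), verdict))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one genuine PDF stub, one PE stub labelled as PDF."""
    msg = EmailMessage()
    msg["From"] = "tickets@airline.example"
    msg["To"] = "traveler@example.org"
    msg["Subject"] = "Your electronic ticket"
    msg.set_content("Flight details attached.")
    msg.add_attachment(b"%PDF-1.4\n% constructed\n", maintype="application",
                       subtype="pdf", filename="itinerary.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="ticket.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in triage(build_sample()):
        print(f"{filename}: {verdict}")
```

A header mismatch is a reason to quarantine the message for analysis; a matching header alone does not prove the file is safe.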
This article is based on technical details offered by Doina COSOVAN, Bitdefender Virus Analyst.