Did you receive an “invoice” or “receipt” by e-mail? Great watch out for them!

November 20, 2021 Bary Howards

In its regular monthly report, ESET drew attention to the most common types of cyber attacks in the Czech Republic in October, and most of them are still “frustrating” attempts to obtain passwords via e-mail. The attackers specifically rely on Czech written messages and credible designation of attachments. They name the malicious files as “invoice” or “receipt”. But instead of the necessary documents, they hide spyware. Most often specifically named “Agent Tesla” a “Formbook”.

“The Czech Republic is one of the primary goals of these campaigns. This is evidenced by the Czech name of the e-mail attachment from the October wave of attacks. The attachment was named this time invoice 2021NOV-INV_IX_08799.exe. Again, we can see that the attackers are using Czech and credible attachment names to confuse the user, and he has run the file in a moment of inattention. They chose the same strategy last month and continue to work actively on their campaigns, ”says Martin Jirkal, head of the analytical team at ESET’s Prague office.

Tesla’s Spyware Agent, which deals with the term “invoice”, has repeatedly appeared in detection data since the beginning of 2021. The word “receipt” (via file Účtenka.exe) again abuses Formbook. He also focuses on user passwords stored in Internet browsers. “It reached relatively high detection numbers in October. He attacked the most in Japan. After the Turkey and Spain, the Czech Republic was the fourth country targeted by the attackers in a global context. Its highest activity was recorded on October 29, “adds Jirkal.

He was again in third place in terms of threats password stealer Fareit, however, did not increase its activity compared to previous months. He spread e-mails in English, in which the attackers pretended to be employees of courier companies. How not to run similar attacks? First of all, you need to be automatically aware of attachments with the .exe extension. It is advisable to use it for password protection two-phase verification at login or 2FA.