Yesterday I received a mail regarding “Payment Processed by Visa Bill Pay” as below…
If one open this file then a Trojan get installed on system in application data folder, this Trojan connect to below domain and it may further lead to fake antivirus scams, malicious redirects, viruses, trojans, rogue installers, key loggers, droppers, browser exploits, and a range of other security threats.
https://votrebuyh.com/xman/xman.bin
https://votrebuyh.com/xman/gogo.php
“VISABILLPAY-VODAFONE.exe” is a Banking Trojan which is used to steal banking credentials from the victim (including confidential details such username, password, credit card number, etc.). By harvesting cookies and accessing other information, the criminals can extract a lot of personal information which can be used to increase their chances to get access to the victim’s online banking account.
Quick Heal detect this as Trojan.Agent2.cuyv