{"id":72374,"date":"2011-11-30T13:03:04","date_gmt":"2011-11-30T13:03:04","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72374"},"modified":"2011-11-30T13:03:04","modified_gmt":"2011-11-30T13:03:04","slug":"malware-attack-through-itune-fake-emails","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/malware-attack-through-itune-fake-emails\/","title":{"rendered":"Malware attack through fake iTunes emails"},"content":{"rendered":"<p>Users are receiving emails which claim to be from the official iTunes store. These are specially crafted emails which lure the users by assuring them that they are amongst a few lucky ones to be selected for gift certificates amounting to $50.<\/p>\n<p>Furthermore, the emails ask the users to open the attached zip file in order to obtain their certificate code.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/itunesmessageCustom.jpg\" alt=\"\" width=\"500\" height=\"381\" \/><\/p>\n<p>Once the user extracts the zip file and tries to open the file, the malware gets executed on their machine and infects it. Unsurprisingly, there is no gift certificate either.<\/p>\n<p>The email which I received for analysis contained a <strong>Backdoor.Cycbot.G<\/strong> file. Upon execution, it allowed the attacker unauthorized access and control of the infected computer. After a computer is infected, the malware connects to a specific IRC server and joins a specific channel to receive further commands from the attacker.<\/p>\n<p><a href=\"https:\/\/www.quickheal.com\/\">Quick Heal<\/a> successfully detects the malware and protects unsuspecting users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users are receiving emails which claim to be from the official iTunes store. These are specially crafted emails which lure the users by assuring them that they are amongst a few lucky ones to be selected for gift certificates amounting to $50. 
Furthermore, the emails ask the users to open the attached zip file in [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[35,22,23,25],"class_list":["post-72374","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-apple-itunes","tag-email-malware","tag-fraudulent-email","tag-phishing"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72374"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72374"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72374\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}