"You have audio message" spam upsurge

From today's ISC report:

You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo 


A few weeks ago we witnessed quite a significant wave of emails carrying a zip file containing an executable.

The only common thing among all the emails was that the sender name (not the sender email address) appeared to be "Whatsapp" or "Facebook" every time, while the subject always stated, in different languages (and sometimes different terms), that "You got a new audio (or video) message". Some of the subjects I saw are:

  • Subject: Sie haben einen Videohinweis erhalten!
  • Subject: Ein Hörbeleg ist versäumt worden!
  • Subject: Di recente, hai raccolto un avviso video
  • Subject: Du hast eine Hörakte.
  • Subject: You recently got an audible message!
  • Subject: Ein akustisches Dokument wurde bloß übergetragen

On the sample side, the extracted exe usually has the name of a person, like jack.exe or brent.exe, and the malware seems to be a variant of Nivdort [1] (also named Bayrob in some reports), which, once installed, allows backdoor access. This malware family is not new (it has been around since April 2013 [2]), but anti-virus tools were apparently lagging behind this last Nivdort email wave, and most did not provide realtime protection.

[ ..... ]

[My bolds above]

So be careful, as always, with unexpected emails, especially those with attachments.
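
An added example, not part of the quoted diary or the original post: a mail-triage check for the two traits the diary describes, a "Whatsapp"/"Facebook" display name on an unrelated sender address, and a zip attachment holding an executable. The brand-to-domain mapping, extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Display names reported in the diary, mapped to sender domains assumed legitimate here.
BRAND_DOMAINS = {"whatsapp": ("whatsapp.com",), "facebook": ("facebook.com", "facebookmail.com")}
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list of extensions to flag

def brand_mismatch(msg):
    """True when the display name claims a brand but the address domain is not that brand's."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower():
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

def zipped_executables(msg):
    """Executable member names inside zip attachments (archives are listed, never extracted)."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            hits += [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
    return hits

def triage(raw):
    """Parse raw RFC 5322 bytes and report both indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {"brand_mismatch": brand_mismatch(msg), "executables": zipped_executables(msg)}

def build_sample():
    """Constructed sample: harmless placeholder bytes named like the diary's jack.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("jack.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "Whatsapp <notice@mailer.example>"
    msg["Subject"] = "You recently got an audible message!"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Either indicator alone can occur in legitimate mail; the combination is what matches the wave described in the diary.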