English

AT&T ‘You Have a New Voice Mail’ Malware Email

April 6, 20190

Outline

Message purporting to be from telecommunications company AT&T claims that a new voicemail could not be delivered to the recipient. The email includes an attached file that supposedly contains the voicemail.  




Brief Analysis

The message is not from AT&T and the attached file does not contain a missed voicemail. Instead, the attachment harbours a malicious .exe file hidden within a .zip file. Opening the .exe file can install malware on the user’s computer.

Example

Subject: AT&T – You Have a new Voice Mail

Manage myAT&T Account

Voicemail Message

You have received a voicemail at 2013-19-12 35:31:25 CST.

You are receiving this message because we were unable to deliver it, voice message did not go through because the voicemail was unavailable at that moment.

* The reference number for this message is qvfl_cjl09-9107319601-2125579909-62.

The length of transmission was 24 seconds.
The receiving machine’s ID: YJH35-TW410-F37JZL.

Thank you,
AT&T Online Services

Contact Us
AT&T Support – quick & easy support is available 24/7.

Receiving ID:
YJH35-TW410-F37JZL

From Number(s):

459-330-7200

AT&T Voice Mail Malware Email

 

Detailed Analysis

According to this email, which claims to be from telecommunications giant AT&T, the recipient has a new voicemail. The message advises that the voicemail could not be delivered. The message includes an attached .zip file that supposedly contains a copy of the lost voicemail.

However, the message is not from AT&T and the attached file does not contain an undelivered voicemail as claimed. In fact, hidden inside the attached .zip file there is a malicious .exe file.



If opened, the .exe file can  install malware  on the user’s computer. Typically, such malware can harvest sensitive personal information from the infected computer and relay it to servers operated by online criminals. It may also allow the criminals to control the compromised computer from afar and download and install even more malware.

This attack is similar to another malware distribution that claims that  WhatsApp users have a new voicemail  waiting. Clicking the “Play” button in the bogus email will open a malicious website that harbours malware.

And, AT&T customers have been targeted a number of times in the past via both  phishing  and  malware  emails.



Original Source : https://www.hoax-slayer.net/att-you-have-a-new-voice-mail-malware-email/