Unusual Malspam campaign targets banks with Microsoft Publisher files

August 20, 2018

The peculiarity of this malspam campaign is the unusual use of a Microsoft Office Publisher file to infect victims’ systems.

Experts noticed an anomalous spike in the number of emails with a Microsoft Office Publisher file (a .pub attachment) and the subject line, “Payment Advice,” that was sent to domains belonging to banks.

This campaign is very small but appears to be very focused on banks.

The spam messages contained URLs that downloaded FlawedAmmyy remote-access trojan (RAT), a well-known backdoor.

Read More on Security Affairs