New malware campaign dupes victims with Dropbox disguise

A new malware campaign has been discovered by security firm AppRiver, with infected emails masquerading as official notifications from cloud storage firm Dropbox.

The emails are disguised with a sad computer face claiming the recipient has requested a password reset and that their old password is now "dangerous". The email is marked as coming from 'The Dropbox Team'.

The message itself contains a link that leads to a page prompting the user to update their browser. AppRiver warns that clicking any of the links in this notification page downloads "a Trojan that is part of the Zeus family."

Zeus is a banking Trojan designed to steal victims' financial information. Jonathan French, security analyst at AppRiver, explains that whilst Zeus has been around for a while, that doesn't mean it is no longer a threat.

"In some cases, scammers can make minor changes in the malware code that prevent security software from blocking it. A spot check on Friday revealed that this particular Zeus Trojan was being caught by 29 of 48 antivirus vendors. As of this morning, 34 of 48 are catching it. So a few vendors added information about that virus over the weekend, but some are still missing it."

AppRiver researchers tracked the latest Zeus campaign to 54 unique domains, all of which were hosted at the web domain in Russia.

French warns, "The best thing users can do is make sure their antivirus service is one that reacts to threats in real time and consistently updates all their software. Leaving your antivirus out of date for even a few days could leave you helpless against new threats."

Below is an example of how the scam appears in the malicious email, so if this lands in your inbox don't go clicking on that 'Reset Password' option.