AhnLab Security Center


Your Amazon.com Order Has Shipped!


Scams ramp up ahead of Black Friday as cybercriminals exploit deals and discounts to attract Black Friday shoppers. ASEC (AhnLab Security Emergency-response Center) has recently identified scam campaigns disguising as Amazon emails to distribute RAT malware. 




The attack begins with the attacker sending the target victim a malicious email titled, “Delivered: Your Amazon.com Order.” The email states that the ordered item has been delivered to the requested address and guides the victim to click on the attached file to check the delivery status, as shown in Figure 1. Once the victim downloads or runs the file attachment by decompressing it, the malware disguised as an executable(.exe) is executed. 



Figure 1. Fake Amazon email about shipping order


Once the target PC is infected with the malware, the attacker can remotely control the victim’s PC. The attacker can also perform malicious activities, such as stealing sensitive information (web browser history and login credentials). AhnLab’s anti-malware solution, AhnLab V3 can detect and block the malware.


Nonetheless, to prevent all damages caused by the malware, users must ▲refrain from executing file attachments/URL from suspicious sources ▲maintain the latest version of anti-malware programs and enable real-time scan ▲scan the file with up-to-date anti-malware before executing ▲maintain the latest version for all OS, web browsers, and application programs ▲​apply security patches for all Office SW programs.


Black Friday and Cyber Monday scams continue in various themes. Thus users must always be cautious and refrain from executing suspicious files/URLs from suspicious senders during this time.