In the campaign, the user receives an email titled ‘invoice’, written in the regional language, which states that the recipient has an invoice that needs to be printed.
Screenshot 1: ‘Invoice’ email received by a victim
Screenshot 2: A page asking the user to print the downloaded invoice.
Other malicious actors have also used this infection chain to spread malware such as Pony and Zloader.
These events demonstrate the importance of technologies such as Check Point Threat Extraction that remove active content, as use of this attack technique is multiplying and might spread to other file types.