Attackers impersonate the National Currency and Stamp Factory and pass off ‘malware’ files as digital certificates

The National Cybersecurity Institute (Incibe) has warned of a new campaign in which cybercriminals impersonate the National Currency and Stamp Factory (FNMT) through ‘email spoofing’ to distribute ‘malware’ in emails that simulate the delivery of digital certificates.

‘Email spoofing’ is an obfuscation technique in which the attacker masks their original email address with that of an indirect victim, which can be a user, a service or an entity, as in this case.

Incibe has recently detected a ‘malware’ distribution campaign via email, which impersonates the FNMT with a message informing the recipient that a file with their identification and NIF certificate is now available for download.

The fraudulent email arrives with the subject ‘Availability of the FNMT-RCM certificate’, although it is not ruled out that different subjects may be used, and informs the user that the requested digital identification is attached and that they can install it or access an included URL to purchase it.

When opened, it contains a malicious executable file that ends up in the ‘Downloads’ folder and is known as GuLoader/VIPKeyLogger. Although it appears to be a legitimate file, with a .iso extension, it actually contains malicious code.

Once it has infected the computer, it takes full control and begins to collect information in order to impersonate the victims with their confidential data and use that data to commit other types of fraud.

Incibe has indicated that, if you have received an email with the aforementioned characteristics, it is advisable to mark it as ‘spam’ and delete it from the inbox. Likewise, to prevent this ‘malware’ from spreading to other devices on the home network, it is advisable to disconnect the computer that may have been infected from the Internet.

It also recommends using an antivirus to perform a deep scan of the device in search of malicious software, as well as resetting the system to factory settings to completely disinfect it.
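As an added example (not code from Incibe or from this article), the following Python function triages a raw message for the two traits described above: a spoofed sender and a .iso attachment. The sample message, its placeholder domains (fnmt.example, mailer.invalid, recipient.example) and the names `domain_of` and `triage` are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message, not a real capture. All domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=fnmt.example
From: "FNMT-RCM" <certificados@fnmt.example>
Subject: Availability of the FNMT-RCM certificate
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your certificate is attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="certificado.iso"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Weak signal alone (bulk mailers differ too); useful combined with auth failures.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} != From domain {from_dom}")
    # Verdicts recorded by the receiving mail server for the visible From domain.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    findings += [f"{m} failed" for m in ("spf", "dmarc") if f"{m}=fail" in auth]
    # Disk-image attachment, the container type reported for this campaign.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".iso"):
            findings.append(f"disk-image attachment: {name}")
    return findings
```

Calling `triage(SAMPLE)` returns four findings for the constructed message; a message whose sender domains align, whose SPF and DMARC verdicts pass and which carries no .iso attachment returns an empty list.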

By Editor
