Amazon Shipping update email contains malware

Waiting for a delivery from Well, be careful if you receive a notification in your email – as it could be that hackers are trying to trick you into infecting your computer.

We’re intercepting a wave of forged emails which claim to come from, but unlike regular emails from the dot com giant they have a malicious file attached designed to run a Trojan horse on your computer.

In a seeming attempt to entice users to open the dangerous attachment, the emails have embedded inside them an image of a familiar half-opened Amazon branded package.

Amazon email malware attack

The emails have the following characteristics:

Shipping update for your order 254-71546325-658732

Message body:
Shipping update for your order 254-78546325-658742

“[Image of Amazon package]

Please check the attachment and confirm your shipping details.

Attached file: Shipping

Sophos detects the attached file as Troj/CryptBx-Zp and Mal/CryptBox-A.

As always, be sure that you have kept your computer’s defences up to date, and ensure that you never open unsolicited email attachments. An email can claim to come from a well-established brand like Amazon, but easily be a forgery created by hackers.