Sunday 26 March 2017, Poradnik bezpieczeństwa

Netia's customers attacked by a "serial" cybercriminal

Lost24

Another wave of attacks, this time aimed at Netia clients, was reported by a portal Zaufana Trzecia Strona. Thousands of mails with malicious programs have been sent to this group of Internet users. The massages contained all the original data of the clients (previously stolen from the company's database) and an attached folder with false invoice.

After opening such message the computer can be infected with a trojan that was designed to collect sensitive data, such as mailbox logins and passwords. However, the installation process of the virus can not be perform without the “help” from the users themselves. According to the portal Zaufana Trzecia Strona to run malicious code, the user must first unpack the attached folder (RAR file) by entering a password included in the message.

The portal also informs that over the last four months the same form of attack was used against the clients of other companies, such as Polish Post, Play or DPD. In all thous cases the same type of maleware (trojan vjw0rm) was used, and only the content of the sent massage was altered to make it more credible to the individual victims. Due to the same modus operandi it is believed that the cyberatacks were conducted by the same hacker known as Thomas.