A new cybercriminals’ campaign has been launched. So far, many Internet users have received fake e-mails from a "courier company" with information about receiving a package, documents or invoice.

The fake e-mail's content a dangerous link, which does not lead to the courier company’s website, but to a malicious application containing a Trojan, known as Nymaim.

If Nymaim is launched on a device, it will attempt to either lock the screen or download additional malware. If the user is located in a country in Europe or North America, the malware will download a customized lockscreen for that particular country. The lockscreen will display the ransom demand. If the user is in a country for which no customized lockscreen is available, Nymain will download a second-stage component, which can be used at a later time to download additional malware.

According to the security experts from the portal Zaufana Trzecia Strona, the new cybercriminals’ campaign is one of the most dangerous, because only a handful of available antivirus programs were able to do detect and block the Nymain Trojan.

In order to hinder the Trojan’s detection by the antivirus software, cybercriminals made sure that each infected computer received a different version of the malware. In addition, the sent e-mails can easily pass through spam filters, because they are personalized and contain unique subject, link or a infected file.

For the time being, the only way to avoid the infection is to ignore all the e-mail messages received from the unknown source.