Cybercriminals are impersonating Poltrans, a popular company, with an e-mail containing a link to an alleged invoice.

According to CERT Orange Polska, the link points to a malware. If the victim activates the link, the malware tries to steal bitcoin wallets, login data for FTP servers and installs a keylogger.

As indicated by CERT, the malware downloads and executes file from hxxp://iipko.eu/imup.exe address, which may indicate preparation for a phishing attack.