Status Cashback: There is a virus in the download form

The first official phase from 1 January 2021 Half year state cashback: Nearly six million Italians are accumulating 50 electronic transactions needed to repay up to 150 euros. Super cashback da 1.500 Euro. However, someone else is trying to use it to affect the devices of the Italians Virus.

It was invented by the Italian Internet Security Company D3Lab, Who contacted it CERT-AGID, The Agency for Digital Italy’s Computer Emergency Response Team, which reports to the chair of the Council of Ministers. CERT later released news and details to warn everyone: One is in circulation Email It invites you to a download Modular Get the 2021 state cashback, but there is a virus in the form. It will be together malspam campaign “Made in Italy”And the virus is not very complicated, but it is enough to spy on the infected computer.

Fake email with cashback form

Everything starts as usual from emails sent to thousands of addresses. The Sender There is [email protected] WhenSubject There is “Request to fill out the form“. தி The body of the email As follows: “Dear User, Your financial status needs to be updated to receive the 2021 State Cashback you need to fill out the form attached to this email. Below is a form to print and fill out in PDF format that can be sent by preference mail“.

A link follows, which will lead to the infamous PDF format. But, in fact, if he clicks on the link the user downloads not a PDF file, but an executable written in Visual Basic 6, which, once started, connects to an FTP server and downloads the real virus: a Keylogger.

Keyloggers Malware Can Record what we type Then send the data stream to the remote server on the keyboard. Anything can be included, including this data Username and password In our accounts. Including that Bank.

The malware was made in Italy

According to CERT-AGID “There is a lot of evidence that the author of the malware is Italian. A foreign malware writer rarely uses VB6, or at least we haven’t found anything to date“The writer may be a young hacker or he may be a newcomer since he left many traces (either one). Company) Within the files sent by email.

However, this does not mean that it is a completely classic phishing campaign and that the most basic virus should be underestimated: if the user clicks on the link, the file downloads and there are good chances that it is not protected by antivirus Malware kicks With all the effects already described.

How to protect yourself from cashback virus

Knowledge of the first defense against this virus State Cospac Rules: No form required to join, you simply need to download and use the IO app or use one of the apps Cashback Sensa SPID.

The cashback scheme is operational Bagoba Spa, Who does not send any emails to anyone, on the contrary, Use only IO For all communications and messages for users. Therefore, anyone who receives a cashback related email can be sure that it is a virus or fraudulent attempt.