Wells Fargo Customers Targeted by Information-Stealing Fareit Trojan Through Spam Campaign

Currently, Wells Fargo customers are being warned by several different security outlets to be on the lookout for emails pretending to come from the financial institution but are, in fact, spam campaigns laced with the Fareit Trojan.

The Fareit Trojan is a known threat that has been recently spotted disguised as a PDF file in many different countries including Australia, Croatia, France, Belguim, Egypt, Romania, Spain the UAE and now in the United States of America. Fareit Trojan has the ability to steal personal data and directing the infected machine to play a part in a distributed denial of service (DDOS) attack.

The actions of the Fareit Trojan are reminiscent of the infamous Zeus Trojan, which was capable of pilfering online banking data to earn cybercrooks a quick pay day.

A relatively new spam campaign, one primarily aimed at Wells Fargo customers, is one that pretends to be a collection of 'important documents' sent as an email. Within these particular spam campaign messages, as shown in Figure 1 below, the message has a from-email address listed as 'wellsfargo.com' along with what appears to be a link to unsubscribe and view an email disclosure. The funny part is that the links contained within the email actually point to legitimate WellsFargo web pages. It is possible that these alleged WellsFargo links are placed just to make the email look legitimate and not raise any suspicion.

Figure 1 Example of fake Wells Fargo email containing Fareit Trojan within attached Zip file. - Source: Bitdefender

Delving deep into the structure of the email you will find an attachment named 'WellsFargo.swimmerskcu.zip', which many researchers have discovered to be malicious cocktail containing the Fareit Trojan.

Computer users, no matter if you are a Wells Fargo customer or now, are advised to be cautious of any email claiming to be from a banking institution that has an attachment. Most times banks will not send you an attachment within a zip file without previous contact or notification.