Achiva Emal Scam

Threat actors are trying to infect the computers of unsuspecting users via corrupted spam emails carrying poisoned file attachments. The lure emails disseminated as part of this particular attack campaign pretend to be correspondence from a Vietnamese company named ACHIVA VIETNAM CO.LTD. The supposed company wants to receive the 'best price' offered by the recipient of the email as soon as possible. To make the whole message appear more legitimate, the fraudsters have included the supposed telephone number and email address of the company.

Users are asked to review the RFQ (request for quotation) document attached to the email. The delivered archive could have a name similar to 'RFQ#569823_345785TKH.GZ.' Inside it, users will find an executable file named 'damage goods and new order.exe.' Launching this file will infect the computer with a malware threat tracked as GuLoader. Malware of this type is typically deployed in the initial stages of the attack chain and is tasked with the delivery of next-stage payloads. Afterward, the attackers may deliver RATs (Remote Access Trojans), info-stealers, crypto-miners, or even malware on the breached devices, depending on their particular goals.