'We Receive Another Bank Information' Email Scam

The emails that are part of the 'We Receive Another Bank Information' operation are extremely threatening, as they are used to spread a potent Trojan threat. The attackers rely on the emails to trick unsuspecting users into executing the attached file and triggering the harmful payload. Infosec researchers have determined that the disseminated threat is a variant of the NanoCore RAT (Remote Access Trojan).

The bait emails are designed to appear as if they are being sent by a representative of an unspecified bank. The message claims that there was an issue with the user's bank account and, to resolve the problem, they now require certain information. Attached to the email is a corrupted file that could have a name similar to 'Doc#02072022.r00.' Hidden in this archive file is an executable designed to deploy the NanoCore RAT on the user's system.

Once it has infiltrated the targeted computers successfully, NanoCore can provide backdoor access to the attackers. Depending on the particular goals of the cybercriminals, they can abuse this access to deliver additional malware threats, such as ransomware, cryptominers, keyloggers, spyware and more.