
Citibank Paymentech Electronic Merchant Billing Statement Spam Infects Users with ZBot

A new spammed malware campaign targets Citibank Paymentech clients, aiming to collect passwords and open backdoors that let remote attackers use compromised systems at will.

The campaign consists of random e-mails allegedly sent by a Citibank billing department. Each message carries an archive attachment that hides a malicious executable file.

In the body of the message, scammers ask recipients to avoid sending a direct reply and to look instead for contact details in the attached Statement ID (plus a string of random numbers).

Instead of a billing statement, the attachment contains one of the numerous variants of the Zbot malware ready to disable the system’s firewall, snatch passwords and open backdoors so remote attackers can reach and control the compromised machines and download further malware.

Bitdefender detects the attachment as Trojan.GenericKD.973769 and protects its customers from the menace.

Hoax Slayer reported a similar attack against Citi customers.

It has been barely three months since the last spam campaign went after Citi customers' sensitive data, serving people “You have received a secure message” e-mails that came with a dangerous attachment.

The e-mail message in the current campaign is sloppy and messy, which should give even the untrained eye a sense of distrust and discourage readers from opening the malicious attachment.


This article is based on the spam samples provided courtesy of Daniel ICHIM, Bitdefender Spam Researcher.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.