Alerts E-Threats

Fake Lufthansa Ticket Reservation Plants Spyware on German’ PCs

Travelers who plan to fly Lufthansa on Nov. 4 may fall victim to the most recent malicious spam shower to hit the Internet as criminals seek to deploy spyware on their systems. 

A lengthy fake message notifies travelers they have been issued an electronic ticket and invites them to do the online check-in in advance using the flight data in the attachment.

Disguised as a PDF file with flight information, the attachment is, in fact, hides a dangerous Trojan (identified by Bitdefender as Trojan.Agent.BASC).

Once accessed, the Trojan deploys spyware on the compromised system. It seeks to steal system data and user credentials by keeping an eye on users’ network activities.

Browser-related credentials for Internet Explorer, Mozilla Firefox and Google Chrome and e-mail login data are other key points of interests. The Trojan monitors e-mail clients including Outlook, The Bat and Windows Live Mail as well as FTP credentials.

The collected data is sent to remote servers controlled by attackers. From these C&C servers, the malware retrieves further instructions, including to download and run files, remove itself from the system or update its code.

Fraudsters used Lufthansa as part of their con to piggyback on the good reputation of the company, which is one of the largest airlines in Europe with hundreds of destinations across the globe. The popularity of the company means more possible victims for the scammers.

Never open e-mail attachments delivered by messages you haven’t requested. Double-check the sender’s address and, if you don’t recognize it, delete it at once.

If you receive a message from an airline and are not sure it’s legit, call the company or pay them a visit to check the validity of the claim.

Use an antivirus and keep all your software up to date.

This article is based on technical details offered by Doina COSOVAN, Bitdefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

1 Comment

Click here to post a comment
  • Analyst Doina Cosovan Genossen Ich lernte eine Menge nützlicher Informationen.Vitdefender Frau legte Antiviren-und Malware-raspostranen Informationen über forumah.Lyudi lesen

    Stuxnet kam zu dem russischen Kernkraft und Raum.