Malware Infects UK Vodafone Clients with MMS Disguise

Cyber-criminals have infected UK Vodafone Clients with malware disguised as MMS through a wide-spread spam campaign. Customers receive an e-mail which allegedly comes from the company’s MMS service with a dangerous attachment.

“You have received a picture message from mobile phone number +4475XXXXX,” the e-mail reads. “To save this picture, please save attached file”. Phone numbers used to spread the malware vary.

When clicking on Vodafone_MMS.zip, users get infected with Trojan.Gamarue, which may steal personal information, download and execute arbitrary files, and do its updates without anyone even noticing it. After one click on the bogus MMS, users’ computers will “listen” to the control and command server run by cyber-criminals.

Gamarue may also spread to removable drives, so users should be careful when managing confidential documents through USB.

This type of malware has also been spreading in Germany in a separate spam campaign that infected users who clicked on a fake hotel booking reservation.

To stay safe on the Internet, users should never open spam e-mails or click on suspicious attachments. Having professional antivirus software installed and updated may keep them safe from e-threats as they appear.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Adrian Miron, Bitdefender Senior Antispam Researcher, and Octavian Minea, Bitdefender Malware Researcher.