SophosLabs discovered a fascinating piece of malware a few days ago: a data-stealing Trojan directed at Mac users. It spread via “undelivered courier item” emails that link to a dodgy server, which checked whether you were running Windows or OS X and handled each case accordingly.
The scam works by sending you a false email claiming that your courier company is having trouble delivering your article; the targeted user then clicks the link, which leads to an unidentified server.
The link in the picture doesn’t lead to fedex.com.ch, of course, but rather brings you to a website managed by the attackers. If you’re on a mobile device, the server delivers an error message.
If you use a desktop browser that’s not Safari, you receive a ZIP file that contains a Windows program detected by Sophos Anti-Virus as Mal/VBCheMan-C, a distant relative of the Zbot or Zeus malware.
You can view the full analysis on the Sophos site here.