Canada Post Scam

Here’s a new scam. You will get an email from “Canada Post” asking you to download a “notice card” to collect a package that “Canada Post” has been trying to deliver.

Do not click on that link. It’s a zip file containing a .vbs malware script.

The script itself is encoded, with the decoding logic built in. I re-wrote the decoding logic in Python to figure out what the script really does, and here’s what I found out.

The script will disable “Security Center”, call another URL, and then download and execute another piece of malware from a third URL on the domain

The domain is registered by an organization called Clueup India in Ahmedabad, India.

I have reported this incident to the Canada Anti-fraud Centre with all the information I have, and hopefully they can get that website shut down to prevent the malware from spreading.

If you have already clicked through to the link, shut down your device immediately. You might need to talk to someone who knows how to properly clean up malware.
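For anyone triaging an attachment like the zip described above, this added example (not code from the original post) lists script-type members of a zip by reading only its directory, without extracting or running anything. The function names, extension lists and the sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows runs directly when a user double-clicks the file.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
               ".bat", ".cmd", ".ps1", ".lnk", ".scr", ".exe"}
# Document extensions often used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per script-type member; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.rstrip(" .")
            # Zip member names always use "/" as the path separator.
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            findings.append({
                "name": info.filename,
                "type": suffixes[-1],
                # e.g. "card.pdf.vbs" shows as "card.pdf" when extensions are hidden
                "double_extension": len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS,
                # Bit 0 of the general-purpose flags marks a password-protected member.
                "encrypted": bool(info.flag_bits & 0x1),
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless text stored under lure-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice_card.pdf.vbs", "' constructed placeholder, not malware\n")
        zf.writestr("readme.txt", "constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A non-empty result for a "delivery notice" attachment is reason enough to quarantine it and not open it.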