Spoofed NatWest Email spreading Banking Trojan

Security researchers have spotted a new spoofed email message impersonating NatWest Bank. The email contains a link that downloads a malicious file hosted on Dropbox, a free cloud file storage service. This shows another way cybercriminals are using innovative technologies to distribute their malware.

The message looks similar to what customers receive from their banks to check their account status:

From:     NatWest.co.uk [noreply@natwest.co.uk]
Date:     23 May 2014 11:36
Subject:     NatWest Statement

View Your May 2014 Online Financial Activity Statement

Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It’s available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF

View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.


NatWest Bank

Clicking the link downloads a file named NatWest_Financial_Statement.scr, which is financial malware called ZeuS, a Trojan horse that makes the computer part of a botnet and collects sensitive banking information. According to the Dynamoo Blog, the detection rate on VirusTotal is low at the moment: only 3 anti-malware products recognize the malicious file, while the remaining security products mark it as safe.

If you receive a similar email, ignore the message and call your bank to report it so the fraud prevention team can assist with the security incident. Also, scan any file you download from online file storage with your security software before you open it.
