Thursday, July 18, 2024

Global Leading Cyber Security Firm “Comodo Threat Research Labs” Warns: Beware of the “Airtel Broadband Malware”

The cyber security firm Comodo Threat Research Labs discovered a new Airtel Broadband malware that spreads mainly via an email attachment: a fake invoice with the subject “Re:”, pretending to come from an unknown sender “ (or random senders)”, carrying a malicious zip attachment with a “.JS” file inside that works as a Trojan downloader.

Comodo researchers said this malware is sent to victims from spoofed and masked sender email addresses. Mainly, attackers use email addresses and subjects that scare or entice a user into reading the email and opening the attachment.

The Airtel Broadband malware attachment looks like a “zipfile” containing an executable “Js”. Most computer viruses are spread via email attachments. This does not come as a surprise, since email has become one of the most used means of communication in the last decades.

It takes just seconds to make appointments, send files or communicate anything, whether personal or business related. But it also takes only those few seconds to cause a lot of damage.

Airtel Broadband:

Bharti Airtel Limited is a leading global telecommunications company with operations in 20 countries across Asia and Africa. It offers 2G and 3G wireless services and mobile commerce. Bharti Airtel had over 307 million customers across its operations.

Comodo researchers said this Airtel Broadband malware threatens millions of registered Airtel Broadband users, especially in India. Comodo asks users to be wary of emails whose attachments contain malicious executables.

Technical Malware Resources:

This sample email attachment shows that the body of the mail pushes the victim to open the attached file.

This email data shows the details of the email attachment, the sender details, the subject of the mail and the filter result from the Comodo KoruMail anti-spam and threat prevention appliance.

Received-SPF: Received-SPF: unknown(0: domain at does not designate permitted sender hosts)
From: Erma Cline <[email protected]>
Subject: Subscription Details
Date: Fri, 16 Dec 2016 17:29:09 +0530
MIME-Version: 1.0
Message-Id: <[email protected]>
X-SMTP-Filter: Korumail SMTP Filter Engine Korumail 6.5
X-KORUMAIL-Result: "Miscellaneous filter match"
X-KORUMAIL-Reason: attachment blocked because of filter
rule: .zip$ action: REJECT
Content-Type: multipart/related; boundary=6248592184f8b6e4eb4f6ac181b19b9e

Email Attached “Js” file:

Extracted Source code:

This result shows the extracted source code of the malware-containing “js” file.

Running the dropped attachment while capturing HTTP request traffic reveals the host of the file URL ” v-”, which is the malicious line that drops the attached file.

The request URL drops the file “gfnbr”.

Facts and Findings:

  • The Airtel Broadband malware zip attachment contains a .js file which works as a Trojan downloader upon execution.
  • When the .JS (JavaScript) file executes, it tries to download the malware binary from the following files:
       26535-1481889541-140181.eml (7,000 bytes)
       ~_BA6I5B_~.js (70,000 bytes)
       ogZWC9ed.zk (169,000 bytes)
       rogZWC9ed (169,000 bytes)
  • However, the obfuscated JavaScript is not well written and throws an error upon final execution.
  • Malicious .JS file analysis reports:

    1. SHA256 hash: 
    File name: rogZWC9ed.zk (169,000 bytes)

    2. SHA256 hash: ec603e5b385baf25bcf9f766a7c294c19602c06d2d5cf63b064c0e53cefc3460
    File name: ogZWC9ed (169,000 bytes)
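The KoruMail header above shows the gateway rejecting the mail on a plain `.zip$` file-name rule. The following added example (not Comodo's or KoruMail's code) applies that same rule to a constructed message and then goes one step further, opening the archive to look for script members such as the `.js` downloader described in the findings; the sender address, archive name and `SCRIPT_MEMBER` pattern are assumptions.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Gateway rule taken from the X-KORUMAIL-Reason header on this page:
# reject any attachment whose file name matches .zip$
ATTACHMENT_RULES = [(re.compile(r"\.zip$", re.IGNORECASE), "REJECT")]
# Added check (assumption): script-type members inside the archive
SCRIPT_MEMBER = re.compile(r"\.(js|jse|vbs|wsf)$", re.IGNORECASE)


def build_sample_message() -> bytes:
    """Constructed message mimicking the campaign: a zip holding a .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # constructed placeholder, not the real downloader script
        zf.writestr("~_BA6I5B_~.js", "// placeholder\n")
    msg = EmailMessage()
    msg["From"] = "Erma Cline <sender@example.invalid>"  # assumed address
    msg["Subject"] = "Subscription Details"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def inspect_message(raw: bytes) -> list:
    """Return one verdict per attachment: gateway rule hit plus archive members."""
    verdicts = []
    parsed = email.message_from_bytes(raw, policy=policy.default)
    for part in parsed.iter_attachments():
        name = part.get_filename() or ""
        verdict = {"filename": name, "action": "ACCEPT", "script_members": []}
        for pattern, action in ATTACHMENT_RULES:
            if pattern.search(name):
                verdict["action"] = action
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits = [m for m in zf.namelist() if SCRIPT_MEMBER.search(m)]
                verdict["script_members"] = hits
                if hits:  # script inside an archive is rejected even if renamed
                    verdict["action"] = "REJECT"
        verdicts.append(verdict)
    return verdicts
```

The archive inspection catches the case the file-name rule alone misses: an attachment renamed so that it no longer ends in `.zip`.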


Comodo suggests the following common prevention methods for malware attacks via email:

Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email.

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

Since My Bank doesn’t own the domain “,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set its DMARC policy for to reject messages that fail authentication. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from; if it looks suspicious, don’t open the email.

Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks strange, don’t click on it. If you want to test the link, open a new window and type the website address in directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
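Tips 1 and 9 describe two spoofing patterns that DMARC does not stop: a brand name in the display name with an unrelated sending domain, and a brand name embedded in a look-alike domain. The added example below (not from the article) turns both into a gateway-side check; the `BRAND_DOMAINS` allow-list and all addresses are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains the brand really sends from
BRAND_DOMAINS = {
    "my bank": {"mybank.example"},
    "airtel": {"airtel.example"},
}


def classify_from_header(from_header: str) -> dict:
    """Flag display-name spoofing (Tip 1) and look-alike header-from domains (Tip 9)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, legit_domains in BRAND_DOMAINS.items():
        brand_in_display = brand in display.lower()
        brand_in_domain = brand.replace(" ", "") in domain
        if domain in legit_domains:
            continue  # genuine sender for this brand, nothing to flag
        if brand_in_display:
            findings.append(f"display name claims '{brand}' but domain is {domain}")
        if brand_in_domain:
            findings.append(f"domain {domain} imitates '{brand}' but is not a known sender")
    return {"display": display, "address": addr, "domain": domain, "findings": findings}
```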

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.