Spoofed Companies House Secure Form Contains Banking Trojan
The following is an example of an email containing the subject of “Companies House secure form” pretending to come from Companies House but actually from a spammer. The email attachment contains a banking trojan. The domain name is also new, and only registered in December 2017.
They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment.
Some of the message details state “This message has been generated by Companies House Secure Form” and “Note: Attached documents are encrypted with a unique Private Key” see below image for the full message text.
The email appears to be from [email protected]
It contains an attachment called Secure_Form.doc this file contains a banking trojan.
Domain Name Information
ns2.companieshouse.governmentforms.org
Subdomains linked to this include (they contain malware do not visit them !) :-
- mta5.companieshouse.governmentforms.org
- mta11.companieshouse.governmentforms.org
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.