"Your BlackBerry ID has been created" spam mail leads to Androm Trojan


Websense intercepted a malware campaign targeting BlackBerry customers. The fake emails state that the recipient has successfully created a BlackBerry ID.

The messages then continue, "To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file." That, of course, is an attempt to lure victims into running the attached malware.


The malicious email itself is a copy and paste of a legitimate email from BlackBerry.


ThreatScope analysis, which is a part of the Websense CSI service, reports that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.

The attachment is detected as Androm Trojan in VirusTotal. At the time of writing, 17/36 AV engines identify the malware in VirusTotal. The same malware (SHA: 79a2efa68564c2d8ebc87c80746e2d2ec955b726) was used in the spam mail disguised as coming from Booking.
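A mail-gateway triage check built from the indicators quoted above (subject line, body phrase, and sample hash), as an added example that is not from Websense or the original post. It assumes the 40-hex digest is SHA-1; the function names, addresses, and attachment filename are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted on this page (digest assumed to be SHA-1).
LURE_SUBJECT = "your blackberry id has been created"
LURE_PHRASE = "please follow the instructions in the attached file"
KNOWN_SHA1 = {"79a2efa68564c2d8ebc87c80746e2d2ec955b726"}

def triage(raw: bytes, known_hashes=KNOWN_SHA1) -> dict:
    """Return lure-text and attachment-hash findings for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    body = " ".join(body.split())  # undo line wrapping before phrase match
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append((part.get_filename() or "",
                            hashlib.sha1(data).hexdigest()))
    lure = LURE_SUBJECT in subject or LURE_PHRASE in body
    hash_hit = [name for name, digest in attachments if digest in known_hashes]
    return {
        "lure_text": lure,
        "attachments": attachments,
        "known_sample": hash_hit,
        # Lure wording plus any attachment is flagged even when the hash
        # differs, because a repacked sample has a different digest.
        "quarantine": bool(hash_hit) or (lure and bool(attachments)),
    }

def build_sample(payload: bytes) -> bytes:
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "noreply@example.invalid"   # constructed address
    m["To"] = "user@example.invalid"        # constructed address
    m["Subject"] = "Your BlackBerry ID has been created"
    m.set_content("To enjoy the full benefits of your BlackBerry ID, "
                  "please follow the instructions in the attached file.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream",
                     filename="instructions.zip")  # constructed filename
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(b"constructed placeholder, not malware")))
```
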
