2 percent Indian users affected by new Gamarue malware: Trend Micro

Trend Micro has reported that hotel booking spam has made its way into Indian users’ inboxes. According to its infection statistics, 1.89 percent of Indian Internet users have already been affected. The email, which purports to come from a hotel, follows the same theme as its English-language counterpart: it contains a confirmation and details of an alleged booking reservation. Trend Micro adds that Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from affected users.


Pie chart depicting the infection stats



One of Trend Micro’s managers received this email at his personal email address and, given that he travels a lot, almost fell for it until he noticed the address of the hotel. It’s too bad the spammers aren’t as good with geography as they are at making spam; the hotel does not exist in India. While he was initially looking forward to staying at the hotel, having read the excellent reviews on TripAdvisor, the email made it clear that this was, unfortunately, a scam. Meanwhile, the attachment was already flagged and detected by Trend Micro as BKDR_ANDROM.P.


“A lot of e-commerce websites pay the price of being popular. Online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and online sites. A frequent traveler who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click that mail. When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on the emails and saved on the user’s system,” said Suchita Vishnoi, head, corporate communications, Trend Micro.


The sophistication and persistence of cyber crime today have grown significantly. Simple measures such as installing foolproof software and using secure websites help curtail the menace of cyber threats. Just stop and think before you click on any links or attachments. Trend Micro Smart Protection Network already blocks the related domains and links, and blocks the particular email from even reaching users’ inboxes. It also detects and deletes the files as BKDR_ANDROM.P.


Earlier this month, Trend Micro stumbled upon yet another piece of malware, one that steals image files from all drives of an affected system and then sends them to a remote FTP server. Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .jpg, .jpeg, and .dmp files. Both .jpg and .jpeg are file formats commonly used for images, while .dmp files are memory dump files that contain information on why a particular system has stopped unexpectedly.


In a recently released security roundup, Trend Micro asked Android users to be more careful when downloading apps from Google Play, as there has been a sharp increase in the amount of malware found on the app market. According to the roundup, the number of high-risk and dangerous apps targeting Android users has risen from 30,000 in June to 175,000 in September.


The security company has also reported a rise in aggressive mobile adware that collects information about users. "Though most adware is designed to collect user information, a fine line exists between collecting data for simple advertising use and violating one's privacy," Trend Micro said. "Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out."

Published Date: Nov 26, 2012 14:34 PM | Updated Date: Nov 26, 2012 14:34 PM