The fraudulent email that impersonates the DGT returns to install a Trojan on your computer

No, you have neither a pending fine nor an unpaid one. The email that has reached many Spaniards in recent days is nothing more than the second life of an email scam that seeks to install a Trojan on the recipient's device. It comes neither from the DGT nor from the Ministry of the Interior.

It is not the first time that a malicious campaign of this kind has impersonated the General Directorate of Traffic, and it probably won't be the last.

The campaign of fraudulent emails that download malware under the pretext of an alleged unpaid fine has returned

Citing an alleged fine to pay, in a reasonably well-structured message that could pass for official, seems to have worked for the attackers responsible in the past, and they are repeating the strategy to infect more victims. Of course, do not click on the link.

The alleged "unpaid fine" is a Trojan

Screenshot of the email in which the General Directorate of Traffic is impersonated

The email in question usually arrives with a subject that reads "Fine not paid" and with a sender that, at first glance, could look like the real Ministry of the Interior or the DGT. The body of the message says that there is a pending fine addressed to us or our vehicle and that, to see the notification, we must access the agency's electronic headquarters from a Windows computer.

We must not click on the link under any circumstances: it does not lead to the electronic headquarters of the General Directorate of Traffic but starts the download of a compressed file hosted on Azure, Microsoft's cloud. According to ESET research, in this campaign executing these files triggers a series of commands that use the system's own tools to download additional files and continue the infection, all of it invisible to the user.
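The traits described above (a sender posing as the DGT and a link to a compressed file on Azure rather than to the agency's site) can be checked mechanically. The following is an added example, not code from the article or from ESET; the `.gob.es` suffix, the Azure host suffixes, the archive extensions and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): official mail and links live under
# .gob.es, and these suffixes identify Azure-hosted content.
OFFICIAL_SUFFIX = ".gob.es"
AZURE_SUFFIXES = (".blob.core.windows.net", ".azurewebsites.net")
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
# Lure strings as quoted in the article's English text.
LURE_WORDS = ("dgt", "ministry of the interior", "fine not paid")

# Constructed sample; not a message from the real campaign.
SAMPLE = (
    'From: "DGT Ministry of the Interior" <notice@mail.example>\n'
    "Subject: Fine not paid\n"
    "\n"
    "Pending fine: https://storage-example.blob.core.windows.net/docs/notice.zip\n"
)

def body_text(msg):
    # Concatenate every text/* part, decoding any transfer encoding.
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw_email):
    # Return the findings that make the message suspicious (empty list if none).
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    sender_host = "." + addr.rpartition("@")[2].lower()
    if any(w in claimed for w in LURE_WORDS) and not sender_host.endswith(OFFICIAL_SUFFIX):
        findings.append("sender-not-official")
    for url in re.findall(r"https?://[^\s\"'<>]+", body_text(msg)):
        parsed = urlparse(url)
        host = "." + (parsed.hostname or "")
        if not host.endswith(OFFICIAL_SUFFIX):
            findings.append("link-off-domain")
        if host.endswith(AZURE_SUFFIXES):
            findings.append("link-azure-hosted")
        if parsed.path.lower().endswith(ARCHIVE_EXTS):
            findings.append("link-archive-download")
    return findings
```

Calling `triage(SAMPLE)` returns all four findings for the constructed message; a message whose sender and links stay under the assumed official suffix returns an empty list.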

Cybercriminals take advantage of the operating system's own tools to download the additional files that complete the infection of the computer

Among other files, the Trojan known as Mekotio will reach the computer: a banking-type malicious program that was detected by Germán Fernández. The main purpose of this Trojan, which is aimed especially at Spanish-speaking countries, is to steal bitcoins or web access credentials, although it can also disable devices by deleting system files.

If we have downloaded and executed the malicious files, we will probably be infected, so we will have to scan the computer completely with an updated antivirus and follow the steps it proposes to remove the malware. For help, we also have at our disposal 017, the toll-free number of the National Institute of Cybersecurity of Spain for cybersecurity inquiries.