BP Chargemaster's Pulse rebrand let crims send IcedID banking trojan from formerly legit mailboxes
2021-03-25 10:15

BP Chargemaster, purveyor of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers.

Register reader Matt received some emails from BP Chargemaster which he was certain didn't come from the company.

We asked F-Secure to have a look at the malicious attachment sent to Matt and the firm's Calvin Gan, senior manager in its Tactical Defence Unit, told The Register: "The email is a malspam campaign spreading a new version of the IcedID banking trojan. The zip file contains a malicious Excel spreadsheet which uses the Excel 4.0 macro feature to hide its code."

BP Chargemaster also advised people receiving those emails not to open them or the attachments and said it had informed the Information Commissioner's Office, while it carries out "a detailed investigation".

When asked for comment, a BP Chargemaster spokesman responded with a statement substantially identical to the email sent to customers, and did not elaborate on what had happened inside BP that caused the compromise of its email infrastructure.

The incident may have some similarities with one affecting London cloud firm Datrix, whose email systems were nearly used to send "Several thousand" malicious messages after a staffer fat-fingeredly opened a phishing email back in 2019.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/25/bp_chargemaster_pulse_rebrand_email_trojan_horror/