Fake message from a cable TV operator, and a Trojan


Cable Mágico is a cable television provider in Peru. In the last few hours, emails have been circulating that appear to come from the company but are actually sent by cybercriminals to infect recipients with a Trojan. The lure is a supposed program for watching the qualifying-round matches directly on the computer:

To convince victims, the attackers also include an image from CMD, a popular sports channel. As the following screenshot shows, the links point to a .ru (Russia) site, which is very suspicious, as these domains are often heavily used by cybercriminals:

Fake email with malicious links and horrendous spelling

Clicking a link starts the download of a file called Cablemagico.exe which, far from being a program to watch games, is a Trojan that infects the system (VirusTotal 14/43). Note that the attackers state that the antivirus must be deactivated to install the application; this old trick leaves the computer totally unprotected and ensures the infection.

As we can see, this is a fairly simple attack and, all things considered, an ingenious one: soccer is very popular in Peru, and many users would be attracted to such a program, especially if it appears to be a promotion by the cable operator. Be careful with what you download, especially if it arrives by email!

Thanks to Nato for sending it.