A very convincing phishing campaign is under way against clients of several banks doing business in the Republic of Serbia. The phishing email seemingly sent out on behalf of several banks and appearing to be arriving from a legitimate domain, contains a notification on foreign exchange inflow and a malicious .pdf zip file attachment, activating a malicious code in the background. The malicous attachment is very sophisticated and has been recognized only by a few anitvirus softwares. For more details, please visit:
Based on the available information, we notify the public that these emails are not being sent from the banks' servers.
The National CERT urges all bank clients who receive silimar emails to delete them right away and, under any circumstances, not to open the attachment.