Phishing Email Scam Delivers Subpoena and Malware

Phishing Email Malware Subponea

Phishing Email Scam Delivers UK Ministry of Justice Subpoenas and Predator the Thief Malware Malware

Cybersecurity researchers at COFENSE report a new phishing email campaign that infects victims with malware. The phishing emails are designed to trick the recipient into thinking they originate from the UK Ministry of Justice as official court emails. The phishing email sends a fake court subpoena to targets, but if the recipient clicks on the link in the email it directs them to a malware downloader that infects the devices with Predator the Thief malware. So far insurance industry and retail companies are the targets of this phishing campaign.

Predator the Thief is a publicly available malware that steals information from infected devices. This malware infects devices and attempts to steal sensitive data.

The phishing email states that the recipient has been subpoenaed by the UK Ministry of Justice. The victim is instructed to click on a link to view the subpoena, scaring them into thinking they have only fourteen days to read and respond to it. The link sends the victim to a Google Docs file which contains another link to a Microsoft OneDrive file. The MS Word document is a malicious Microsoft Word file with macros that downloads Predator the Thief malware to the victim’s device.

UK Ministry of Justice Subpoena Phishing Scam Screenshot
COFENSE Image: UK Ministry of Justice Subpoena Phishing Scam Screenshot

What is Malware?

Malware is any kind of unwanted software or app that infects a computer, laptop, phone, router, or hardware. Malwares attempt to steal information or money from infected device. They may also be used to spy on a device or infect other hardware. Malware attacks are frequently launched with phishing email campaigns or social engineering.

Hacked sensitive information may include usernames and passwords for email or financial accounts logins. Malware often steals admin privilege and credentials to gain higher access to the infected device or network. The malware may also steal information about the device or the network it is connected to and the credentials in subsequent malware attacks.

What is Predator the Thief Malware?

Predator the Thief malware is a type of malware known as an info stealer. This type of malware steals information from an infected device. Predator the Thief hacks cryptocurrency wallets, browser information, FTP connections, and email credentials. It can also take a screenshot of the infected machine. Predator the Thief sends device and user fingerprint data back to the hacker.

What is a Phishing Email?

A phishing email is any kind of malicious email that attempts to trick the recipient into downloading a malicious file, clicking on a link that leads to as spoofed or malicious website, or attempts to gather sensitive information like credit card numbers from the recipient. Phishing emails are disguised to look like official or familiar emails that the victim may recognize like those that come from their banks, coworkers, or places that they shop. Some of them are very well crafted but usually recipients can detect a phishing email by spelling mistakes and other errors that give the fake email away.

Phishing emails steal money or sensitive data from targets. Phishing emails may be sent to hundreds if not thousands of email addresses in hopes that some percentage of people will be fooled into clicking on a link or giving up personal information that leads to identity or credential theft. When a phishing email is targeted at an individual, it is referred to as a spear phishing email

Phishing Email What to Do

The UK Ministry of Justice phishing email is especially dangerous because it contains a link that leads to a trusted source (Google Docs). This in turn leads to another trusted source (Microsoft One Drive). This allows this type of phoshing email scam to bypass spam filters.

  • Disable Microsoft macros by default
  • Do not click on links in emails from people you don’t know
  • Official subpoenas are not delivered by the courts through emails

How to Report Phishing Scmas

  • If you receive a phishing email, forward it to the FTC at spam @ and to the Anti-Phishing Working Group at reportphishin g@ If you got a phishing text message, forward it to FTC SPAM (7726)
  • Report the phishing attack to the FTC at