Nearly two months have passed since news of the Heartbleed bug went public, but spammers continue to exploit fear of the now infamous OpenSSL vulnerability in order to deliver information-stealing trojans.
In a new yet familiar spam campaign, emails that claim to carry a Heartbleed bug removal tool as an attachment actually deliver an Infostealer trojan, according to a Tuesday Symantec post, which explains that the trojan logs keystrokes and takes screenshots.
Several clues give the scam away, such as a subject line that is entirely unrelated to the remainder of the email, and a message body that refers to the Heartbleed bug as a virus that can be removed, when it is a vulnerability in OpenSSL rather than an infection.
A month ago, researchers with Dell SecureWorks Counter Threat Unit identified a trojan, referred to as HelloBridge, which was masquerading as a Heartbleed bug testing tool.