".CAB" Malicious Email Attachments Being Sent by Cybercriminals


Online users who receive unexpected email messages with attachments whose names end in ".cab" are asked not to open them. The attachments are compressed files that may contain malware, malicious programs or viruses, and any attempt to open the malicious attachments will result in the recipients' computers being infected with a virus, Trojan horse, spyware, ransomware or other malware.

A Sample of a Malicious ".CAB" Email Message


Tue 6/18/2019 5:49 PM

From: Dinesh Padave | ARCPL - dinesh.p@amiriddhient.com

Attachment: PO- FOR 1 D-M MDC-PDF.cab (936 KB)

Dear sir,

PFA P.O. for 1 D-M MDC & email us invoice for the same soonest

Best Regards,

Dinesh Padave

Sr. General Manager - Logistics


Admin & Correspondence Address:-

Office No. 16, 2nd Floor, Building B-1, Laxmi Nivas CHS Ltd, Pai Nagar, S.V. Road,

Borivali (West), Mumbai – 400092.

Boardline: 022-46123000

Direct: 022-46123014/15

Fax: 022-46123012

Email ID: dinesh.p@amiriddhient.com / info@amiriddhient.com

Cybercriminals usually store their malware in compressed files to help prevent antivirus software from detecting it. In other words, the compressed malicious email attachments may bypass the recipients' antivirus software.

What is a ".CAB" file?

Cabinet is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for maintaining archive integrity. Cabinet files have .cab filename extensions and are recognized by their first 4 bytes, MSCF. Cabinet files were originally known as Diamond files.
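Because a cabinet is identified by its MSCF signature rather than by its file name, a mail filter or analyst can recognise one and list what it contains without extracting anything. The following is an added example, not code from this article: it assumes the fixed header and file-entry layout from Microsoft's published Cabinet format, and the function names, the `RISKY` extension list and the sample message are constructed for illustration.

```python
import struct
from email.message import EmailMessage

CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")   # 36-byte fixed cabinet header
CFFILE = struct.Struct("<IIHHHH")             # 16 bytes, then NUL-terminated name
RISKY = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".dll", ".lnk")  # assumed list

def cab_members(data: bytes):
    """Return member names listed in a cabinet, or None if data is not a CAB."""
    if len(data) < CFHEADER.size or data[:4] != b"MSCF":
        return None
    (_sig, _r1, _size, _r2, off_files, _r3, _vmin, _vmaj,
     _folders, n_files, _flags, _set_id, _idx) = CFHEADER.unpack_from(data)
    names, pos = [], off_files
    for _ in range(n_files):
        if pos + CFFILE.size > len(data):
            break  # truncated or malformed; report what was readable
        pos += CFFILE.size
        end = data.find(b"\x00", pos)
        if end == -1:
            break
        names.append(data[pos:end].decode("latin-1"))
        pos = end + 1
    return names

def scan_message(msg):
    """Return (attachment name, members, risky members) for each CAB attachment."""
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        members = cab_members(payload)   # decided by content, not by extension
        if members is not None:
            risky = [m for m in members if m.lower().endswith(RISKY)]
            findings.append((part.get_filename(), members, risky))
    return findings

def build_sample():
    # Constructed sample: header plus one file entry, no compressed data.
    entry = CFFILE.pack(1024, 0, 0, 0, 0, 0x20) + b"PO-document.exe\x00"
    header = CFHEADER.pack(b"MSCF", 0, CFHEADER.size + len(entry), 0,
                           CFHEADER.size, 0, 3, 1, 0, 1, 0, 0, 0)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("PFA P.O.")
    msg.add_attachment(header + entry, maintype="application",
                       subtype="octet-stream", filename="order.pdf")
    return msg

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The sample attachment is deliberately named `order.pdf` to show that the check keys on the signature, so a renamed cabinet is still reported along with the executable it lists.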

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.


Comments, Questions, Answers, or Reviews
(Total: 1)


  • June 18, 2019 at 6:40 PM by info

    "Re: F.O.A 123/62-18/AD/2019 Supply

    Tue 6/18/2019 6:38 PM

    From: "Sales" - rey@reyzzz.club

    Attachment: P0#6475663.cab (934 KB)

    Dear Sir,

    Please find the attached Signed & Stamped Purchase Order for P0#6475663 attached.. For further inquiry please don't hesitate to contact us. With regards, AL IHTIMAM GENERAL TRANSPORTING ESTABLISHMENT Tel: 02-5516009, Fax: 02-5516009, Mob: 054-3088711 P Consider the environment. Please don't print this e-mail unless you really need to. Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.

    Kindly don’t print it unless it is highly needed. If you have received this email in error you should not disseminate, distribute or copy this e-mail and please notify the sender immediately by e-mail. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited."

    Here is another scam.

