The Intuit Information Security (IIS) team is issuing an alert advising customers to be cautious of a phishing campaign using a very dangerous strain of malware called “Pony.” The Pony malware attempts to steal passwords by decrypting or unlocking passwords for over 100 applications, including VPN, FTP, email, instant messaging web browsers and more.
The current malware attack is spread by email and launched by opening an email attachment. When a user opens the attachment, the user is notified that protections are on, but then the user will be asked to “enable editing and content” functions, which launches the malware.
The following email message looks legit, but is not, and is being used in the attempt to spread the malware:
Source: Intuit Security Center