VERY IMPORTANT

Malicious spam (malspam) often uses malware attachments or links to malware disguised as legitimate documents. In Brazil-based malspam, such malware often impersonates a document called “boleto.” Boleto is an invoice document for Boleto Bancário, a Brazilian payment method commonly used in e-commerce. We occasionally run across malspam with fake boleto attachments, and these generally target Brazilian organizations. In one such campaign, we’ve seen over 260,000 emails since June 2017 as shown in figure 1.