Do not open Fake Emails with Zip file attached

Hello.
I received 3 strange @ today from Envato Market.

Hi dear seller about week ago,I bought your stuff, but I still do not get this position in my account, although i have this transaction in my PayPal account.
I called Themeforest client support, they recommend me to contact you attached a screenshots of my PayPal and Themeforest accounts.

Here are screenshots in zip-archive:

Please help me understand about the situation.

All images have .js
When I checked if the user made a purchase, I get the result: This user has never purchased any of your files.

Did you have that?

Hi,

That is a fake email and that download contains some Zipfile. which i think trying to hack.

Envato would never suggest them contacting you in that case. Totally fake

I think so but I was just trying to make sure.

Hi,

Yes, it is a hacking attempt.
I got this message from 5 different “customers” today. Exact same text, none of them are real customers.

The js files contain some obfuscated WScript code which basically attempts to download a malicious file and execute it on your system.

Stay away from it and you should be fine.

P.S. If anyone cares to investigate further, the executable is being downloaded from: [link removed]

We just got 4 emails, exactly the same.

got same message. already reported envato!

Please do not download any files from that email.

those has 2 js file which may download viruse in your pc.

More information about WScript which used in those JS

WScript is an object that is defined when the Javascript is run within the Windows Script Host, aka WSH. The object is not available within the Javascript engine in a web browser. If you are really trying to produce “batch like” files, then you don’t need a browser, and I’d say you probably don’t want a browser.

Got the same kind of email today

I got also this email. I downloaded the file, what should I do? I’m using mac.

No. issues. just delete those files…

Thanks.

It’s fake and dangerous!

Screenshot_20170911-220549.png1080×1920 242 KB

I recieved that message from kidbyxicom1980.

I realized the file name at the last moment before clicking the file: “paypal-screenshots.jpg.js”. If my file extension settings were set as “hidden”, it’s possible that, I would have opened it.

Many developers with “file-extension: close” setting may confuse.

Don’t open them.

Got the same email.

We just got 4 emails, exactly the same. Please do not open / click any links or files.

Unfortunately I just opened the zip folder as well as js file,Is there will be any problem for that? what security action should I take?I have already change my password. Again a lots of author get this type mail, envato should take action regarding this.

Hi,

If you are using Mac / windows 10 then no issues. just delete the file and move on with your work.

If not then run some virus scan

I too got the same email. Thank god first I opened his profile to see whether he purchased one of my item or not and found he did not purchase so I just neglected the email. But the question is how all of the authors were emailed at once? Is there any glitch in Envato site itself?

It’s not a glitch

A user is sending all the emails or that user just wrote some script to email authors