An online malware campaign has been identified which is to target in the name of FBR. However, fake domain “fbr.news” is being used for said purpose. Victims receive two emails from email@example.com. First email contains password-protected Malicious attachment portraying FBR defaulter list and the second email contains passwords for the attachment. This 2-stage mechanism is used to bypass antivirus protection and gain victims’ confidence. Once the attached docu has been downloaded and runs on the target system; all stored data in the device is compromised. It is advised that any email originating from firstname.lastname@example.org should be immediately deleted. Also, emails from unknown addresses must never be opened.