Intuit is issuing an alert to Intuit Payment (Merchant account) Customers to be on the alert for a deceptive email that contains 'Pony' malware.
Payments Malware
The email is disguised as an Intuit Payment Notification Inquiry and requests that the receiver click on a link in regard a transaction submitted for processing. The email contains a message that seems legitimate:
Email subject: Your payments are being processed for deposit [OR SIMILAR LANGUAGE]
Sender: "Merchant Center" [OR SIMILAR LANGUAGE]
Attachment: 2016-03-10_quickbooks_invoice.doc [OR SIMILAR LANGUAGE]
You potentially can contaminate your computer with this malware even by opening this email, and certainly by clicking on the link included in the email. When a user opens the attachment, the user is notified that protections are on, but then the user will be asked to “enable editing and content” functions, which launches the malware.
This Pony malware can break into stored passwords, and also 'log' all passwords entered, it will then report those passwords across the internet back to the originating malware source. Sometimes known as 'Fareit' in one or more of its variants, it has also been know to infect computers with the Zeus Trojan.
Intuit's official security alert can be found at: https://security.intuit.com/alert.php?a=384