Cybercrime, false invoice request from UK is the bait for BluStealer
The compressed attachment of the “Order-Urgent” email contains an exe file – the malware. The stolen data is exfiltrated via Telegram API.
Cybercrime, AgentTesla passes by a fake request for products from Dubai
The “Re: Revised Quotatio” email contains a zip file with an exe inside – the malware. It is not known how the stolen data is exfiltrated.
Cybercrime, DocuSign-themed phishing campaign
A service's fake email invites the victim to open a link, that points to a decoy site. Goal: Steal WordPress credentials.
Cybercrime, AgentTesla hides in the “Nieuwe bestelling – 100 STUKS ELK” email
The lzh attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, “FQ quotations….>” carries HawkEye/MailPassView and AgentTesla
The zip attachment contains 2 exe: "LPO Samples Xls" and "Purchase Order Details XLs": the malware. AgentTesla exfiltrates stolen data via FTP.
Cybercrime, a “Purchase Order” email from Lebanon carries Blustealer
The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, a fake “XFQ quotations” email bait for AgentTesla
The lzh attachment contains two exe files: the same malware. Stolen data is exfiltrated by FTP.
Cybercrime, the mysterious malware from Türkiye is SnakeKeylogger/StormKitty
The lnk “Alıntı 2589984” email attachment starts the infection chain by running a Powershell script. Stolen data is exfiltrated via Telegram API.
Cybercrime, false offer of products from Türkiye bait for a mysterious malware
The compressed attachment of the “Alıntı 2589984” email contains a lnk file, which starts the chain of infection by running a Powershell script.
Cybercrime: here it comes Atomic, a new info-stealer for macOS
The malware, aka AMOS, is sold with a $1,000-a-month subscription and can be used even by those without technical skills.