Cybercrime, QNodeService campaign via fake DHL invoices
The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Cybercrime, Dridex goes from fake Amazon Gift Card emails
The link in the messages directs the victim to a url (different for each email) and downloads an SCR, a VBS or a doc, which activate the malware infection.
Cybercrime, the Azorult campaign also arrives in Italy
Decoy: fake order from a Taiwanese company. The xls attachment, if opened, contacts a link and redirects the victim to a malicious site, which downloads the malware.
Cybercrime, a hybrid Drixex-Smokeloader malware goes by fake invoices
Global malspam campaign with xlsm attachment. It contacts a link from an internal list and downloads a dll, which contains a trojan and backdoor-loader hybrid.
Cybercrime, Italy hit by a huge Urnisf/Gozi “energy adaptation” campaign
Fake mails from Reveue Agency come all from .casa domains. The attachment, different for each message, contains xlsb. It, if opened, contacts a DLL which starts malware infection.
Cybercrime, Dridex conveyed by false UPS invoices and Cutwail botnet
The email contains a link that downloads a .doc attachment. This contacts a random url from an internal list of 9 and downloads a DLL, which starts malware infection.
Cybercrime, phishing campaign passes from Boa web server
The lure is a fake email on an email closure. It contains a link to update the account via a login page. Also this one is false. The only aim is to steal credentials.
Cybercrime, the latest Ursnif campaign in Italy leverages MEF and MISE
Bait: reopening of commercial activities for Covid-19 emergency. Xlsb attachment contacts single link and downloads a DLL that starts malware infection. 200 ad hoc domains opened.
Cybercrime, Dridex uses fake UPS invoice as the ultimate bait
Global malspam campaign exploits xlsm attachment, that contacts a random link from an internal list of over 30 and downloads a DLL, which starts the malware infection.
Cybercrime, fake South African receipt maybe spreads a vjworm
A .Tar attached document hides a JS that starts the malware infection. However, at the moment, the C2 server is not responding. So, there is not certainty as what it is.