Cybercrime, double AgentTesla campaign via China and Türkiye
The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. Data is stolen via SMTP and Telegram API.
Cybercrime, the BlueStealer campaign from the UAE changes its template
The attachment of the new "Document approval" email contains an exe: the malware. The stolen data is always exfiltrated to the same Telegram API C2.
Cybercrime, the “Hesap hareketleriniz” email carries Remcos
A new zipped attachment contains an exe: the malware, while the text and C2s do not change from previous campaign waves.
Cybercrime, fake email from Maersk carries Lokibot
The jar attachment of the email “Cargo Loading, BL : 2082688*** Container - MRKU8781602.” contains an exe: malware.
Cybercrime, Formbook hides in a fake email from Italy
The IMG attachment of the “QUOTATION OP5000/4-23” message contains an exe: the malware.
Cybercrime, emails with Chinese boxes to hide AgentTesla
The "Purchase Order 20000963.zip" attachment contains an img file with the "New Prices List" exe inside: the malware. The stolen data is exfiltrated via SMTP.
Cybercrime, AgentTesla uses the Chinese box trick
The zip attachment of a email about a fake invoice contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, SnakeKeylogger passes by invoices in Turkey
The “854F1E97-5DBB-4A87-A566-33D9012B05E2pdf.lzh” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new SnakeKeylogger campaign from Turkey
The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new AgentTesla campaign from Poland
The “Lista zamówień zakupu.7z” attachment contains the “Lista zamówień zakupu.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.