A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, double failed malware campaign via PO
Double failed malware campaign via PO. The emails contain an xls which, using the Equation Editor, contacts a url and downloads the final payload. However, the exe is unreachable
Double failed campaign to distribute malware through a purchase order (PO). In the past few hours, at least two emails have been distributed.
One reports a theoretical sender from Dubai and the other from Spain. Both contain an xls attachment which, exploiting the Equation Editor vulnerability, contacts a url and downloads the malicious payload: an exe. The file, however, is currently unreachable. There is no confirmation, but it is suspected that the malware could have been Formbook. This, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.