ESET cybersecurity experts: It’s a banking trojan that has already targeted users from Poland, impersonating Bolt Food. Goal: to steal banking-cryptocurrency credentials.
Technical analysis by the Malware Hunter JAMESWT
Fake payment receipt from a real South African company may be spreading a vjworm. The attached document is a .tar archive that hides a JS file, which starts the malware infection. However, at the moment the C2 server is not responding, so there is no certainty as to what it is.
A fake payment receipt from a real South African company is spreading malware through a malspam campaign. The mail attachment is a compressed .tar file containing a JS file which, if opened, contacts a website and downloads the malicious code. This could be a vjworm, but at the moment the cybercrime C2 doesn't respond, so it's not certain what it does. However, researchers are studying it to understand which family it belongs to.
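A mail-gateway style check for the delivery chain described above, written as an added example (it is not code from the article or from the researcher's analysis): it lists the members of a tar attachment in memory, without extracting anything, and flags script files. The extension blocklist, the function names and the sample file names are assumptions made for illustration.

```python
import io
import tarfile

# Script types that Windows Script Host runs on double-click (assumed blocklist).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def script_members(archive_bytes):
    """Return names of script files inside a tar attachment, or None if unreadable."""
    flagged = []
    try:
        # "r:*" also handles gzip/bzip2/xz-compressed tar; nothing is written to disk.
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                name = member.name.lower()
                # Check the final extension so "receipt.pdf.js" is still caught.
                dot = name.rfind(".")
                if dot != -1 and name[dot:] in SCRIPT_EXTENSIONS:
                    flagged.append(member.name)
    except tarfile.TarError:
        # Unparseable archive: report it as such instead of treating it as clean.
        return None
    return flagged


def build_sample_tar(files):
    """Build an in-memory tar from {name: bytes}; constructed sample input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachment: harmless placeholder content, hypothetical names.
    sample = build_sample_tar({
        "Payment_Receipt.pdf.js": b"// constructed placeholder\n",
        "readme.txt": b"constructed\n",
    })
    print(script_members(sample))
```

A `None` result is worth quarantining as well, since an archive the gateway cannot parse has not been inspected.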