Cybercrime, MassLogger hits again in an international campaign

Technical analysis by the Malware Hunter JAMESWT
MassLogger hits organizations again in an international campaign. The attachments start the malware infection chain
MassLogger hits again with a targeted campaign against organizations. New emails are circulating in the wild that exploit real companies to get the victim to open the malicious attachments. They are all compressed files: some contain a JavaScript file, others an .exe or a .bat file. These start the infection chain by downloading the encrypted malware, which is then decoded and made operational. MassLogger is a keylogger that steals login credentials and sensitive data, which are transmitted to C2 servers via FTP. According to Italian CERT-AgID cyber security experts, the latest campaign has so far targeted:
Austria
Belgium
Czech Republic
Denmark
France
United Kingdom
Germany
Italy
The Netherlands
Spain
United States
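The delivery pattern described above (a compressed attachment carrying a .js, .exe or .bat file) can be checked at the mail gateway or during triage. The following is an added example, not part of the original analysis: it assumes ZIP archives only, and the function names, sample message and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article names as the payloads inside the archives.
RISKY_EXTENSIONS = (".js", ".exe", ".bat")

def risky_members(zip_bytes):
    """Return archive member names that end in a risky extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return []  # not a ZIP; other archive formats are out of scope here
    return [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]

def triage_message(raw_message):
    """Map each attachment filename to the risky members found inside it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits = risky_members(payload)
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample_message():
    """Constructed sample: one ZIP (a .js plus a .pdf) and one non-ZIP file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Order_Confirmation.JS", "// constructed placeholder")
        archive.writestr("readme.pdf", "constructed placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample order"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="order.zip")
    msg.add_attachment(b"\x00\x01", maintype="application",
                       subtype="octet-stream", filename="note.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_message(build_sample_message()))
```

Member names in a ZIP remain readable even when the contents are password-protected, so the check also works on encrypted archives; nested archives would need a recursive pass.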
The PowerShell Script to start the malware infection in the Italian chapter of the campaign
DNS HTTP/HTTPS requests / Connection