Stormkitty/SnakeKeylogger campaign via Garanti BBVA. 2 identical “Hesap hareketleriniz” emails contain the same r01 attachment, inside which there is an exe file: the malware. Stolen data is exfiltrated via Telegram API

A fake IBAN transfer from Garanti BBVA, arrived in double email, is the bait for a Stormkitty/SnakeKeylogger campaign.

The two identical “Hesap hareketleriniz” messages contain the same compressed attachment (r01), inside which there is an exe file: the malware. Stolen data is exfiltrated via Telegram API.

Indeed, SnakeKeylogger and StrormKitty are two info-stealers capable of acquiring information through various methods.