Cybercrime, AgentTesla is back with a courier-themed campaign
The GZ attachment of the email directly contains the malware (an exe file). This steals sensitive information and exfilters it via FTP.
Cybercrime, Dridex returns via couriers and invoices
The xlsm attachment, if open, contacts a random link from an internal list and downloads the dll that starts the malware infection.
Cybercrime, Agent Tesla attacks with couriers’ bait
The attachment of an email about a fake shipment, if opened, contacts a link from which the malware is downloaded. The data is then exfiltrated via SMTP.
Cybercrime, Dridex is back with courier-themed campaigns
New emails with .xlsm attachment, which simulate a DHL and UPS invoice. The attachment downloads a DLL that starts the malware infection chain.