Cybercrime, double AgentTesla campaign via couriers and invoices
A fake DHL email contains two compressed files with an exe inside: the same malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new courier-themed Lokibot campaign
The gz attachment of the email “Cargo Arrival Notice BL : AWB# 5331810761” contains an exe: the malware.
Cybercrime, new courier-themed Formbook campaign
The zip attachment of the fake TNT email “TNT Express Consignment Notification for 213596003” contains an exe: the malware.
Cybercrime, AgentTesla exploits Discord in a new campaign
The link in the photo attached to the email points to a url that downloads the exe “AWB # Ref45376289558” – the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, AgentTesla is back with a campaign on couriers
The doc attachment, using Equation Editor, contacts a url and downloads an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, false DHL invoice baits for a Formbook campaign
The gz attachment of the email with the subject "COMMERCIAL INVOICE, BILL OF LADING, ETC DOC" contains an exe file: the malware.
Cybercrime, Second day for the new courier-themed AgentTesla campaign
The text is identical to that of the previous day. Only the attachment, which however contains an exe file - the malware – changes.
Cybercrime, new AgentTesla campaign via fake FedEx invoice
The ace attachment contains an exe file: the malware itself. Stolen data is exfiltrated via Telegram api.
Cybercrime, new courier-themed Lokibot campaign
The ace attachment of an email on a false shipping invoice with the object "DHL AWB # 2484635344- RATE 275 KG" contains an exe file: the malware itself.
Cybercrime, courier-themed double Formbook campaign
The emails carry an img attachment and a rar. Both contain an exe file - the malware itself.