Cybercrime, AgentTesla now passes from Russian customs
The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltered via SMTP to an email address.
Cybercrime, Auchan Poland bait for an AgentTesla campaign
The doc attachment contacts a link, also used for Lokibot, and downloads the malware. The stolen data is exfiltrated to an email via SMTP.
Cybercrime, new wave of the AgentTesla campaign on Isbank
The message template is identical to the previous one, except for the dates and the name of the attachment: 25_153325_221122_113030.7z. Inside is an exe, the malware, which exfiltrates stolen data via SMTP.
Cybercrime, Alibaba bait of an HTML phishing scam
A fake email points to a page that simulates that of the e-commerce portal. Objective: steal credentials.
Cybercrime, Sharkbot is disguised in Android file managers apps
The apps work as a dropper for the malware and they are downloaded mostly from UK and Italy. The trojan attempts to steal online bank credentials.
Cybercrime, fake Audit report bait for an HTML phishing campaign
The goal is to steal the SharePoint Online credentials via a fake platform landing page. Victims have three attempts to digit the password, all of which will be wrong.
Cybercrime, AgentTesla now passes by banks in Turkey
The email attachment “12790429914_20221122_05373027_HesapOzeti.7z” contains an exe file: the malware. Stolen data is exfiltrated via SMTP.
Cybercrime, fake free Starlink download spreads RaccoonStealer
The cybersecurity researcher “idclickthat” discovered a fake website with a link that downloads a rar with a “setup” exe inside: the malware.
Cyber Espionage, Iran’s hackers targeted the US FCEB
The APT exploited the Log4Shell vulnerability, installed XMRig, moved laterally to the domain controller (DC), compromised credentials, and implanted Ngrok reverse proxies.
Cybercrime, Lazarus hit Europe and Latin America with a new DTrack version
Kaspersky cybersecurity experts: North Korea-linked malware hides itself inside an executable that looks like a legitimate program and has several stages of decryption before starting.