Cybercrime, Dridex is back with courier-themed campaigns
New emails with .xlsm attachment, which simulate a DHL and UPS invoice. The attachment downloads a DLL that starts the malware infection chain.
Cyber Espionage, XDSpy hits Eastern Europe and Balkans since 2011
ESET cybersecurity experts: The targets are primarily government entities. The APT, until now undetected, exploits the XDDown malware and spear phishing.
Cybercrime, the MassLogger campaign now leverages CHM files
The email contains a compressed attachment with an HTML Help File hidden inside. This, if performed, downloads a fake image that activates the malware infection.
Cybercrime, Loda RAT is back with new versions
Cisco Talos cybersecurity experts: The 1.1.1 malware added a Powershell keylogger and a VB script. The 1.1.7 update removed them, focusing on stealing passwords and cookies from browsers.
Cybercrime, Dridex exploits the UPS lure for spreading wordldwide
The .xlms attachment in the mail contacts a link, that download a DLL. This one infects the pc with the malware.
Cybercrime, Agent Tesla is back in Italy via Avion
The email contains a compressed attachment with an executable inside. Launching it installs the malware. It sends, via SMTP, emails with the stolen data.
Cybercrime: here it comes LOTHFULMEDIA, a new dropper
CISA-CNMF cyber security experts: It’s a malware, used by a sophisticated cyber actor, to deploy a RAT. Once it has persistance, a second file delete the dropper.
Cybercrime, Agent Tesla now “navigate” with vessels
New malspam campaign with a fake invoice by a real maritime ompany. The malware infection chain starts from the .doc document attached.
Cybercrime: APT-C-23 spreads Android spyware via fake Threema-Telegram
ESET cybersecurity experts: The cyber espionage group’s new malware, SpyC23.A, has extended functionality. It exploits a fake app store to distribute it.
Cybercrime, Dridex behind the wave of emails in Italy on fake invoices
A link in the email downloads a .doc file, which then downloads a DLL and infects the pc with malware. The attachment exploits the same template as Emotet.