Bitdefender cybersecurity experts: The campaign changed malware in February when one of the lead developers was killed in the Russian invasion of Ukraine.
Last year contributors shared 176'532 malware samples. The top reported files were windows executables pages facing up and DLL files gear. The Italian JAMESWT in the Top Ten contributors list.
The cybersecurity researcher TheAnalyst discovered a mail pretending to fire the victim on December 24th. The xls attachments activates the malware infection chain.
The xlsb attachment on how to protect yourself on Black Friday-Cyber Monday contacts random link from an internal list and downloads the dll, starting malware infection.
The xlsb attachment contacts random links from an internal list and downloads the dll, starting the malware infection. It also tries to connect to the victim's email client.
The xlsb attachment of the "Termination Letter November" email contacts a random url from an internal list and downloads the dll, starting the malware infection.