Cybercrime, false RFQ carries a BluStealer campaign
The compressed attachment of the “REQUEST FOR QUOTATION” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, Blustealer campaign from Lithuania simulating China
The compressed attachment of the “Order_list_30052023” message contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, false invoice request from UK is the bait for BluStealer
The compressed attachment of the “Order-Urgent” email contains an exe file – the malware. The stolen data is exfiltrated via Telegram API.
Cybercrime, a “Purchase Order” email from Lebanon carries Blustealer
The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime: here it comes Atomic, a new info-stealer for macOS
The malware, aka AMOS, is sold with a $1,000-a-month subscription and can be used even by those without technical skills.
Cybercrime, fake purchase order from Finland bait for BlueStealer
The compressed attachment of the "Purchase Order" email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, the BlueStealer campaign from the UAE changes its template
The attachment of the new "Document approval" email contains an exe: the malware. The stolen data is always exfiltrated to the same Telegram API C2.
Cybercrime, Bluestealer goes through a “Request for quotation” from the UAE
The gz attachment contains an exe: the malware (aka DarkCloud). The stolen data is exfiltrated via Telegram API.
Cybercrime, BluStealer is back with a campaign on Purchase Order
The gz attachment of a fake email from the UAE contains an exe file: the malware. The stolen data is then exfiltrated via Telegram API.
Cybercrime, Raccoon Stealer hidden in a fake complaint about a purchase
The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.