Cybercrime, false invoice request from UK is the bait for BluStealer
The compressed attachment of the “Order-Urgent” email contains an exe file – the malware. The stolen data is exfiltrated via Telegram API.
Cybercrime, false invoice for a phishing campaign on Adobe
The "PAYMENT CONFIRMATION.HTML" attachment of the "PAYMENT SLIP" email points to a fake site from which to download the document. Goal: steal passwords.
Cybercrime, “PROFORMA INVOICE 30% DOWNPAYMENT” carries AgentTesla
The email “Payment Advice” compressed attachment contains an exe: the malware. The stolen data is exfiltrated via SMTP.
Cybercrime, AgentTesla uses the Chinese box trick
The zip attachment of a email about a fake invoice contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, false invoice conveys a new AgentTesla campaign
The email two r00 attachments are different, but contain the same VBS that downloads and executes the malware. Data exfiltered via Telegram API.
Cybercrime, false DHL invoice baits for a Formbook campaign
The gz attachment of the email with the subject "COMMERCIAL INVOICE, BILL OF LADING, ETC DOC" contains an exe file: the malware.
Cybercrime, the courier-themed AgentTesla campaign now leverages TNT
The ace attachment of the email, that simulates an invoice, contains an exe: the malware. Stolen data is exfiltrated via the Telegram API, the same of the last wave.
Cybercrime, new AgentTesla campaign via fake FedEx invoice
The ace attachment contains an exe file: the malware itself. Stolen data is exfiltrated via Telegram api.
Cybercrime, AgentTesla now passes by a company in Portugal
Invoice-themed campaign. The rar attachment contains Guloader, that contacts a link and downloads the final malware.
Cybercrime, new invoice-themed Formbook campaign
r00 email attachment contains an exe file: the malware itself.