Cybercrime, Quakbot exploits malicious xls armed with SilentBuilder
The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick anti-viruses and download malware.
Cybercrime, Ursnif/Gozi uses real compromised emails in the campaign in Italy
The password-protected compressed attachment contains a doc file. This contacts a link and downloads the dll that starts the malware infection.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
The email on an fake invoice contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.
Cybercrime, LokiBot hides in a “Chinese boxes” campaign
The xlsm attachment downloads a doc file which downloads an executable that starts the malware infection. VelvetSweatshop used to evade anti viruses.
Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims
Threat actors exploit the company certificates to sign the attachment to decept the anti virus. Goal: to let the victims download and install QBot malware.
Cybercrime, French Posts lure for a phishing campaign
A mail or a SMS asks users to pay a residual colissimo shipping cost, opening a link. It redirect to a fake La Poste login site. The goal is to steal PII and sensitive data.
Cybercrime, Adwind RAT spreads via fake emails on invoice on SendGrid
The xlsb attachment downloads a powershell which recover a zip document. Inside, there is the malware (aka Java RAT or jRAT).
Cybercrime, QNodeService campaign via fake DHL invoices
The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Cybercrime, Dridex goes from fake Amazon Gift Card emails
The link in the messages directs the victim to a url (different for each email) and downloads an SCR, a VBS or a doc, which activate the malware infection.
Cybercrime, the Azorult campaign also arrives in Italy
Decoy: fake order from a Taiwanese company. The xls attachment, if opened, contacts a link and redirects the victim to a malicious site, which downloads the malware.