Cybercrime, Ursnif/Gozi uses real compromised emails in the campaign in Italy
The password-protected compressed attachment contains a doc file. This contacts a link and downloads the dll that starts the malware infection.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
The email on an fake invoice contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.
Cybercrime, LokiBot hides in a “Chinese boxes” campaign
The xlsm attachment downloads a doc file which downloads an executable that starts the malware infection. VelvetSweatshop used to evade anti viruses.
Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims
Threat actors exploit the company certificates to sign the attachment to decept the anti virus. Goal: to let the victims download and install QBot malware.
Cybercrime, QNodeService campaign via fake DHL invoices
The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Cybercrime, Dridex goes from fake Amazon Gift Card emails
The link in the messages directs the victim to a url (different for each email) and downloads an SCR, a VBS or a doc, which activate the malware infection.
Cybercrime, a hybrid Drixex-Smokeloader malware goes by fake invoices
Global malspam campaign with xlsm attachment. It contacts a link from an internal list and downloads a dll, which contains a trojan and backdoor-loader hybrid.
Cybercrime, Italy hit by a huge Urnisf/Gozi “energy adaptation” campaign
Fake mails from Reveue Agency come all from .casa domains. The attachment, different for each message, contains xlsb. It, if opened, contacts a DLL which starts malware infection.
Cybercrime, Dridex conveyed by false UPS invoices and Cutwail botnet
The email contains a link that downloads a .doc attachment. This contacts a random url from an internal list of 9 and downloads a DLL, which starts malware infection.
Cybercrime, the latest Ursnif campaign in Italy leverages MEF and MISE
Bait: reopening of commercial activities for Covid-19 emergency. Xlsb attachment contacts single link and downloads a DLL that starts malware infection. 200 ad hoc domains opened.