Cybercrime, Quakbot exploits malicious xls armed with SilentBuilder
The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick anti-viruses and download malware.
Cybercrime, Ursnif/Gozi uses real compromised emails in the campaign in Italy
The password-protected compressed attachment contains a doc file. This contacts a link and downloads the dll that starts the malware infection.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
The email on an fake invoice contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.
Cybercrime, LokiBot hides in a “Chinese boxes” campaign
The xlsm attachment downloads a doc file which downloads an executable that starts the malware infection. VelvetSweatshop used to evade anti viruses.
Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims
Threat actors exploit the company certificates to sign the attachment to decept the anti virus. Goal: to let the victims download and install QBot malware.
Cybercrime, Egregor gang changes “ransoms” in “contracts”
Ransomware victims become “clients”. The cybersecurity expert MalwareHunterTeam discovers a new press release by the group with rules and threats.
Cybercrime, Adwind RAT spreads via fake emails on invoice on SendGrid
The xlsb attachment downloads a powershell which recover a zip document. Inside, there is the malware (aka Java RAT or jRAT).
Cybercrime, Conti ransomware group asks Advantech a huge ransom: 13 mln
The cybersecurity expert Pierluigi Paganini: On November 26, leaking the data stolen begun: an archive of 3.03GB that accounts for 2% of the total amount of stolen data.
Cybercrime, QNodeService campaign via fake DHL invoices
The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Cybercrime, the Azorult campaign also arrives in Italy
Decoy: fake order from a Taiwanese company. The xls attachment, if opened, contacts a link and redirects the victim to a malicious site, which downloads the malware.