Cybercrime, AgentTesla exploits Discord in a new campaign
The link in the photo attached to the email points to a url that downloads the exe “AWB # Ref45376289558” – the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, new SnakeKeylogger campaign from Turkey
The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, Formbook uses Chevron in a new campaign
The "folder details.rar" compressed attachment of the fake company email "NS-chevron Malaysia - quotation request" contains an exe file: the malware.
Cybercrime, the “Re: RFQ” email baits for SnakeKeylogger
The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new AgentTesla campaign from Poland
The “Lista zamówień zakupu.7z” attachment contains the “Lista zamówień zakupu.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, double SnakeKeylogger campaign via couriers
The 2 rar attachments of the message contain the same exe file: the malware. The stolen data is exfiltrated via smtp to an email address and via the Telegram API.
Cybercrime, the Remcos bank-themed campaign changes template
The email, referring to an account statement of Garanti BBVA, now also contains an IBAN. The attachment is a compressed file in z format with an exe inside: the malware.
Cybercrime, BluStealer is back with a campaign on Purchase Order
The gz attachment of a fake email from the UAE contains an exe file: the malware. The stolen data is then exfiltrated via Telegram API.
Cybercrime, Remcos campaign via DBatLoader/Modiloader
The xz attachment contains an exe: the loader, which contacts a url and downloads the final malware.
Cybercrime, Remcos arrives from Turkey via false account statement
The email rar attachment contains an exe file: the malware.