Cybercrime, maritime payment themed SnakeKeylogger campaign
The r00 attachment of the “SOA REMITTANCE Final DA / MV NPR -IMO: 9268083” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, SnakeKeylogger uses Siemens Energy as bait
The “Action Required - SIEMENS Energy -PO- 216238068” email has 2 identical rar attachments, with inside an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, AgentTesla uses the Chinese box trick
The zip attachment of a email about a fake invoice contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, new Inquiry-themed AgentTesla campaign
The "PO#-DSC_0000778" attachment of the "Inquiry/Steel Braided 8 mm Wire materials" email contains a jpg and an exe: the malware. Stolen data is exfiltrated via SMTP to an email.
Cybercrime, SnakeKeylogger passes by invoices in Turkey
The “854F1E97-5DBB-4A87-A566-33D9012B05E2pdf.lzh” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, AgentTesla exploits Discord in a new campaign
The link in the photo attached to the email points to a url that downloads the exe “AWB # Ref45376289558” – the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, new SnakeKeylogger campaign from Turkey
The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, Formbook uses Chevron in a new campaign
The "folder details.rar" compressed attachment of the fake company email "NS-chevron Malaysia - quotation request" contains an exe file: the malware.
Cybercrime, the “Re: RFQ” email baits for SnakeKeylogger
The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, new AgentTesla campaign from Poland
The “Lista zamówień zakupu.7z” attachment contains the “Lista zamówień zakupu.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.