The cybersecurity researcher TheAnalyst discovered an email pretending to fire the victim on December 24th. The xls attachment activates the malware infection chain.
The email xls attachment contacts a single link and downloads the dll, starting the malware infection chain, but only from Italian IPs that are not on the blacklist.
The email xls attachment contacts a single link and downloads the dll, activating the malware infection, provided that the IP is Italian and not on the blacklist.
The xlsb attachment on how to protect yourself on Black Friday-Cyber Monday contacts a random link from an internal list and downloads the dll, starting the malware infection.
Dr.Web cybersecurity experts: It’s the Android.Cynos.7.origin trojan, a modified version of Cynos, spread on Huawei's AppGallery. It collects sensitive user data.
The xlsb attachment contacts random links from an internal list and downloads the dll, starting the malware infection. It also tries to connect to the victim's email client.
The bait is false invoice offsets. The xls attachment contacts a single link from which it downloads the dll, starting the malware infection, but only from Italian IPs.