Ave Maria infostealer keylogger via Fake Invoice order confirmation

Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end  last year 2018. We don’t see much of it in UK and most examples I have heard of are from Italy and have been targeting Italian companies, so this is quite unusual and is not a well known malware (yet). This arrived with an Excel spreadsheet attachment to a fake invoice / order  email. The miscreants are using CVE-2017-11882 to download the payload from a remote URL  http://23.249.164.131/feb/sel/sel.exe  This in turn calls out to a github account where what look like genuine  digitally Continue reading →