Collaborate Disseminate
WE still see loads of AgentTesla keylogger/ Info-stealer malware campaigns hitting the UK most days. I don’t often post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself chan… Continue reading AgentTesla keylogger campaigns continue
I was extremely surprised to wake up this Sunday Morning to a whole slew of fake DHL delivery notice emails with a macro enabled word doc attachment that eventually downloads some sort of Keylogger. There is some dispute as to what the actual Keylogge… Continue reading Fake DHL email delivers an unknown keylogger coupled with a phishing scam
It has been very quiet with regards to malware in the UK for the last month or so. All I have been seeing has been the commodity malware like AgentTesla, Hawkeye & Lokibot that is frequently used by Skiddies and low grade bad actors who buy an off … Continue reading Fake west-telecom.com Update Notice delivers Qbot backdoor
We continue to see AgentTesla keylogger / Infostealer on a daily basis. The UK generally has been fairly quiet for malware over the last few months ( since Easter 2019) and we are only seeing the “commodity” malware like AgentTesla, Hawkeye… Continue reading new AgentTesla Keylogger install method – Choice.exe
We haven’t seen any Formbook malware / Trojan / Info-Stealer hitting the UK for ages, so it was quite surprising to see this one arrive overnight. Unlike previous versions who generally used exploits or macros / embedded ole objects in Microsoft … Continue reading Formbook back hitting UK in fake order emails
We are still not seeing a lot of interesting malware in UK at the moment, but this one has a few interesting parts to the delivery system. The Lokibot binary that is eventually delivered is nothing special and we see this sort of commodity malware on a… Continue reading Lokibot via fake Reconfirm Bank Account Details with extremely large rtf attachment
I received a rather interesting email earlier today. It pretends to be an email from Privatbank.com and written mainly in Ukranian. There is not a known bank using PrivatBank.com anywhere I can find listed although a website for this domain was… Continue reading Fake PrivatBank email delivers AgentTesla and Phishing
I am not entirely sure what the in initial binary download with this one is, but there are indications it might be Dark Comet RAT. What we do know is that it drops a Lokibot binary The word doc is actually a RTF file containing embedded ole objects. Th… Continue reading Fake order eventually drops Lokibot but something else happens
We are still seeing continuous AgentTesla keylogger / Info-Stealer campaigns hitting the UK. We sill aren’t seeing a lot of other malware at the moment. I have received about 20 different versions over the last week that have all been nothing spe… Continue reading More AgentTesla keylogger info-stealer campaigns hitting UK
Some weird malware possibly banload and a stealer. Details were uploaded to our submissions system Starts with email link that downloads tax.zip from http://199.192.29.182/Folder/Downloader.php?1409 This zip contains genuine google updater & a bat … Continue reading banload and stealer