ISRStealer via fake Prudential Assurance Company Purchase Order

Every now and again we see a resurgence of the ISRStealer info-stealer / keylogger trojan. This malware has been around since 2011 and gets intermittent distribution campaigns. You can now submit suspicious sites, emails and files via our Submis…

Fake Fedex Express Shipment For Pickup in iso delivers nanocore using Sendgrid

The next in the overnight malware campaigns is a fake Fedex Express email delivering Nanocore RAT via an .img (ISO) file. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are …

Lokibot via fake purchase order but won’t run in W7 or W8.1

I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email: the first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file thro…

Hawkeye keylogger using fileless delivery system via Amazon AWS

We have been seeing a massive increase in malspam emails delivering the Hawkeye keylogger / infostealer trojan. The vast majority have either a zip file containing the trojan itself or a malformed Word doc either containing macros or using one of the Micro…

Fake Payment receipt vbs drops njrat bladabindi downloads Agent Tesla via Sendspace.

A rather interesting malware campaign from overnight. It all starts with an email pretending to be a payment receipt that contains a .tar attachment, which in turn contains a vbs file. As per usual the email is just generic enough to entice a recipient to open …

Multiple Hawkeye malspam campaigns via GreenCloudVPS

Another Hawkeye keylogger campaign again today. We see these most days and the emails are always such a generic invoice, order or request for quotation that I don't bother to post all versions we receive. I normally just tweet to the other research…

Lokibot via fake order email. Massive document.xml.rels obscuring analysis

Earlier this morning I received a spam email, pretending to be a new order asking me to quote a price, with a Word docx attachment. That is normal for me and many others to receive this sort of malware-laden spam. The subjects are so generic, the all…
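A padded document.xml.rels is only a nuisance if you read it by eye. The triage script below is an added example written for this page, not the blog author's own tooling: it walks every *.rels part inside a docx (not just word/_rels/document.xml.rels, since a remote template lives in settings.xml.rels), reports how large each one is, and lists only the relationships with TargetMode="External", which is where a URL fetched on open would sit. The docx it inspects is constructed in memory with a couple of thousand filler image relationships and one external relationship buried in the middle; the external target http://example.invalid/template.dotm and the relationship IDs are placeholders, not indicators from the campaign.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_RELS = "word/_rels/document.xml.rels"
IMAGE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
TEMPLATE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"


def build_sample_docx(padding_rels=2000):
    """Constructed sample (not a real malicious document): a minimal docx whose
    document.xml.rels is padded with thousands of benign-looking image
    relationships, with one external relationship hidden half way through."""
    rels = [
        f'<Relationship Id="rId{i}" Type="{IMAGE_TYPE}" Target="media/image{i}.png"/>'
        for i in range(1, padding_rels + 1)
    ]
    # Hypothetical external target; a placeholder, not an indicator from the campaign.
    rels.insert(
        padding_rels // 2,
        f'<Relationship Id="rIdX" Type="{TEMPLATE_TYPE}" '
        f'Target="http://example.invalid/template.dotm" TargetMode="External"/>',
    )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">' + "".join(rels) + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr(DOC_RELS, rels_xml)
    return buf.getvalue()


def rels_part_sizes(docx_bytes):
    """Map every *.rels part name in the package to its uncompressed size, so an
    abnormally large relationships part stands out before you open it."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return {
            info.filename: info.file_size
            for info in z.infolist()
            if info.filename.endswith(".rels")
        }


def find_external_relationships(docx_bytes):
    """Return every relationship in any *.rels part whose TargetMode is External.
    Internal relationships (images, styles, fonts) are ignored however many there
    are; only targets that resolve outside the package are reported."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(z.read(name))
            except ET.ParseError:
                # A deliberately broken rels part is itself worth flagging.
                hits.append({"part": name, "id": None, "type": None, "target": "<unparseable>"})
                continue
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") == "External":
                    hits.append({
                        "part": name,
                        "id": rel.get("Id"),
                        "type": rel.get("Type", "").rsplit("/", 1)[-1],
                        "target": rel.get("Target"),
                    })
    return hits


if __name__ == "__main__":
    sample = build_sample_docx()
    for part, size in rels_part_sizes(sample).items():
        print(f"{part}: {size} bytes")
    for hit in find_external_relationships(sample):
        print(f"{hit['part']} {hit['id']} {hit['type']} -> {hit['target']}")
```

Point the two functions at a real attachment by reading the file's bytes instead of calling build_sample_docx(); a relationships part that is hundreds of kilobytes with exactly one External entry is the pattern the post title describes, and the script surfaces that entry regardless of how much filler surrounds it.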