More AgentTesla keylogger info-stealer campaigns hitting UK

We are still seeing continuous AgentTesla keylogger / Info-Stealer campaigns hitting the UK. We still aren’t seeing a lot of other malware at the moment. I have received about 20 different versions over the last week that have all been nothing spe…

More AgentTesla keylogger and Nanocore RAT in one bundle

We are seeing a continuation of even more AgentTesla malspam campaigns again this morning. However today’s is somewhat different to usual and also delivers a Nanocore RAT. Actually the Nanocore RAT is downloading the AgentTesla keylogger. And af…

More AgentTesla keylogger as fileless malware.

We are seeing a continuation of the new style AgentTesla malspam campaign again this morning. This is still using a multistage downloader eventually resulting in the AgentTesla keylogger / infostealer being run on the victim’s computer as a filel…

Remcos Rat via fake invoice using multiple delivery methods.

I have heard of the “Belt and Braces” approach to delivering malware before, but this malware campaign delivering Remcos Rat is using the belt and 2 pairs of braces to try to make sure the malware gets delivered. The email is a fairly typica…

More compromised windstream email sending malspam with Orion keylogger

Following on from last Friday, it is looking like Windstream, Zimbra & Synacor still have a problem with accounts being compromised and mass malspam being sent. Generally speaking the majority of ISPs are pretty good with blocking outgoing spam…

ISRStealer via fake Prudential Assurance Company Purchase Order

Every now & again we see a resurgence of ISRStealer info-stealer / Keylogger Trojan Malware. This malware has been around since 2011 and gets intermittent distribution campaigns. You can now submit suspicious sites, emails and files via our Submis…

Lokibot via fake purchase order but won’t run in W7 or W8.1

I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email. The first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file thro…