Collaborate Disseminate
We have been seeing a massive increase in Malspam emails delivering Hawkeye keylogger / infostealer trojan. The vast majority have either a zip file containing the trojan itself or a malformed word doc either containing macros or using one of the Micro… Continue reading Hawkeye keylogger using fileless delivery system via Amazon AWS
We have been noticing a “new ” netwire Trojan recently being delivered by multiple different spam emails, abusing Microsoft OneDrive, either through compromised or fraudulently set up accounts. This particular version says that asecorp ( a … Continue reading Fake DHL Shipment Notification delivers Netwire Trojan
We never fail to be astonished by the ingenuity and attempts from malware bad actors to get their malware delivered to their intended victims. However in many cases, like this one, their attempts spectacularly backfire where such a tiny, minuscule numb… Continue reading Agent Tesla keylogger delivered inside a Power ISO .daa archive
We have been seeing a lot of formbook malware recently. This campaign is very similar to all the others we frequently see. The only reason for mentioning it is that it is very unusual for malware campaigns to take place over a weekend. Most of this typ… Continue reading Fake Quotation request delivers Formbook
Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday Morning 5th February 2019 with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari… Continue reading Malspam emails overnight Monday 4 February to Tuesday 5 February 2019
This is a version of Nanocore RAT being delivered via a fake Purchase Order. The file has an invalid, Expired Digital Signature that says Google. It is reasonably well detected by Antiviruses although most of them are Generic / Heuristic detections. … Continue reading Fake Autec Power purchase Order delivers Nanocore RAT
Yet another Lokibot campaign via Malspam emails. In today’s Internet based world parcel delivery messages are so common. Most of us will receive at least 1 every week, if not several each day. Today the lure pretends to be a delivery notificatio… Continue reading Lokibot via fake Fedex customs clearance notice
The next Formbook campaign today is a bit of a cock-up from the malware bad actors. The email invites you to quote for 720 of an unspecified object, the details being in the attached file. This is where they have made the mistake and made it less like… Continue reading More Formbook via fake order using broken .rar attachments
A slightly unusual malware campaign this morning. The email is nothing special and spoofs a Maltese Shipping company ( it is highly probable that multiple other companies will also be spoofed with this campaign). It pretends to be an outstanding Paymen… Continue reading Fake outstanding payment delivers Formbook and an unknown malware at same time.
Following on from Today’s earlier Formbook campaign using exploits in RTF files we are now seeing another campaign that appears to be coming from the same bad actors using .exe files disguised as a bat file inside a zip. The email pretends to … Continue reading Formbook via fake statement of account