Agent Tesla keylogger via fake Request for Quotation

Yet another Agent Tesla Keylogger / Info-stealer Trojan malware delivered via a fake Request for Quotation email with a malicious Excel XLS spreadsheet attachment using Microsoft Equation Editor Exploit CVE-2017-11882. We see dozens of this sort of ema…

Fake HSBC payment details delivers Agent Tesla

A compromised site we saw yesterday delivering Hawkeye keylogger / Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, sites and hosting companies involved i…

Hawkeye keylogger via fake Bank Details in the Invoice

Continuing with this malware campaign trying to deliver Hawkeye Keylogger / Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has u…

Hawkeye keylogger via fake Proforma Invoice that probably fails delivery

A marginally interesting malware campaign trying to deliver Hawkeye Keylogger / Infostealer. The email is nothing special and is a typical fake invoice. Where the bad actor has gone wrong with this campaign is he or she attached a .exe to the ema…

Fake PO Inquiry email delivers Agent Tesla Keylogger via rtf exploits

An email with the subject of POQEA inquiry for order pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com> with a link to download a malicious word doc delivers Agent Tesla Keylogger / Remote Access Trojan. This campaign is u…

Azorult via fake Chinese Government New Import Export Regulations

I am quite impressed with the level of Social Engineering with this malware delivery Malspam campaign. With Brexit fast approaching and the likelihood of no deal between UK and Europe, many companies are increasingly trying to build a relationship wit…

More Formbook via complicated download chain

A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. …

Ave Maria infostealer keylogger via Fake Invoice order confirmation

Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end of last year, 2018. We don’t see much of it in the UK and most examples I have heard of are from Italy and have been targeting Italian compa…

Azorult via fake inquiry email using Microsoft Office Equation Editor exploits

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it l…