The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months.
Some ancient filetypes are making a comeback due to unwanted attention from cybercriminals looking for more effective ways to hide malware distributed through spam campaigns.
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. Once DarkComet is installed, it can log keystrokes, record application usage, take screenshots, and more, and sends the collected data back to the attacker.
A malspam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer.
Despite a lone report claiming that online piracy is the primary source of malware, spam still reigns supreme as today's main infection vector and the go-to tool of online criminals, according to a report published yesterday by Finnish cyber-security firm F-Secure.
Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources.
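An IQY file is a tiny plain-text document: the first line is `WEB`, the second is the query version (`1`), the third is the URL Excel will fetch, and any remaining lines are `Key=Value` options. That is exactly why it slips past filters tuned for macros, and also why it is cheap to inspect. The following mail-filter check is an added example written for this page, not code from the article or from any of the vendors it mentions; the two sample attachments are constructed, and the `TRUSTED_HOSTS` allowlist is an assumed organisational policy.

```python
import re
from urllib.parse import urlparse

# Constructed sample attachments (not real campaign samples).
BENIGN_IQY = (
    "WEB\n"
    "1\n"
    "https://intranet.example.corp/reports/sales.aspx\n"
    "\n"
    "Selection=AllTables\n"
)
SUSPICIOUS_IQY = (
    "WEB\n"
    "1\n"
    "http://203.0.113.10/fn.dat\n"
    "\n"
    "Selection=AllTables\n"
    "Formatting=None\n"
)

# Assumed policy: only these hosts may be pulled into spreadsheets from mail attachments.
TRUSTED_HOSTS = {"intranet.example.corp"}

def parse_iqy(text):
    """Parse an IQY body into its target URL and key=value options.

    Returns None if the file is not a WEB query (wrong header or too short).
    """
    lines = [line.rstrip("\r") for line in text.splitlines()]
    if len(lines) < 3 or lines[0].strip().upper() != "WEB":
        return None
    url = lines[2].strip()          # line 1: "WEB", line 2: version, line 3: URL
    options = {}
    for line in lines[3:]:
        if "=" in line:
            key, value = line.split("=", 1)
            options[key.strip()] = value.strip()
    return {"url": url, "options": options}

def assess_iqy(text):
    """Return (verdict, reason) for an IQY attachment body.

    Verdicts: "reject" (not a parseable query file), "block" (fetches from an
    untrusted or suspicious location), "allow" (trusted host over https).
    """
    parsed = parse_iqy(text)
    if parsed is None:
        return ("reject", "not a WEB query file")
    url = urlparse(parsed["url"])
    host = url.hostname or ""
    reasons = []
    if url.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {url.scheme!r}")
    if host not in TRUSTED_HOSTS:
        reasons.append(f"external host {host!r}")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address")
    if url.scheme == "http":
        reasons.append("plaintext http")
    verdict = "block" if reasons else "allow"
    return (verdict, "; ".join(reasons) if reasons else "trusted host")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_IQY), ("suspicious", SUSPICIOUS_IQY)):
        print(name, assess_iqy(body))
```

The check deliberately treats any host outside the allowlist as a block rather than trying to score URLs, because a legitimate reason for a random external party to push a web query into a user's Excel by e-mail is rare. Two caveats a practitioner will want: the extension is not the content, so run this on any attachment whose first line is `WEB` regardless of its name, and Excel will still prompt before enabling the connection, so user training remains part of the control.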
GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background and an autorun that causes the ransomware to start automatically when you reboot the computer.
Necurs, the world's largest spam botnet, with millions of infected computers under its control, has updated its arsenal and is currently utilizing a new technique to infect victims.
A script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the GandCrab ransomware.
A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. First detected by Derek Knight, this campaign is a mix-up of countries: the IRS is a U.S. entity, the sender is a UK email address, and the spam attachment is in German.
A new malspam campaign is underway that is pretending to be PDF receipts, but instead installs the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.
A new malspam campaign is underway that is distributing a GlobeImposter variant that appends the ..doc extension to encrypted files. This malspam pretends to be photos being sent to the recipient and has a subject line that starts in a similar way to "Emailing: IMG_20171221_".
The "Blank Slate" malspam campaign has switched to distributing a GlobeImposter variant that appends the .crypt extension to encrypted files. This downloaded executable is also code signed to make it appear more legitimate.