Spam
Recently, there has been a spike in incidents involving information-stealing malware, commonly known as info-stealers, which uses cloud sharing services to attack victims. Threat actors have been leveraging this kind of attack in an innovative way through the distribution of spam emails, in this case by targeting content creators on YouTube.
The abuse of cloud sharing services such as Google Drive and Google Docs was last seen in March 2023, in which threat actors targeted Latin American countries, distributing payment-related emails containing malware such as REMCOSRAT. This time, we observed a spam email that initiated a discussion about hotel reservations.
Attackers commonly use HTML attachments for phishing because HTML lets them design a webpage. They need a webpage to mimic the login pages of well-known companies, which in turn tricks users into entering their credentials, thinking that they are on a legitimate website.
Ever since Microsoft disabled running macros from Office files downloaded from the internet or email attachments, threat actors have been compelled to find new ways to spread malware. Malware such as ICEDID and QAKBOT were both observed being delivered via malicious PDF attachments in spam emails.
Recently, we observed spam emails that targeted users in Latin America. The emails, which were written in Spanish, informed victims about an outstanding balance or a pending payment.
We continue to see QAKBOT, a sophisticated data-stealing malware, evolve with old and new techniques to bypass email security filters. We dive deep into this in the article 'Qakbot loader Returns With New Techniques And Tools'.
After months of hiatus, the notorious malware EMOTET has resumed its spam operations with a mixture of old and new techniques. Discovered in 2014, EMOTET began as a banking trojan that steals victims' credentials and information.
Early in 2023, malware campaigns that used and abused Microsoft's note-taking application, OneNote, began to rise. One of the malware families that took advantage of this period is QAKBOT, a banking trojan known for being a conduit for delivering other payloads to a victim's device.
A new malspam campaign has been discovered delivering Aurora Stealer through inquiries targeting hotel companies. Aurora Stealer is an information-stealer with remote access capabilities.
We observed a spam campaign that has been using Microsoft-related templates such as Office 365 and SharePoint notifications to spread new malware since September 2021. Along with usual lures like COVID-19, these spam emails trick users into opening malicious HTML attachments or clicking malicious links, both of which redirect unwitting users to download a malicious XLS file.