SambaSpy Using Weaponized PDF Files to Attack Windows Users

19 September 2024

ambaSpy Attacking Windows Users With Weaponized PDF FilesResearchers discovered a targeted cybercrime campaign in May 2024 that exclusively focused on Italian victims, which was unusual as attackers typically aim for broader targets to increase profits. However, this campaign implemented checks at different stages of the infection chain to ensure only Italian users were affected, which prompted to investigate further, leading to the discovery of a new remote access Trojan (RAT) named SambaSpy, delivered as the final payload. SambaSpy infection chain 2 The attackers used a spearphishing email with a fake invoice from a legitimate Italian real estate company to trick users into clicking on a malicious link. The link redirected users to a website that looked like a legitimate invoice storage website, but it then redirected Italian users who were using Edge, Firefox, or Chrome to a malicious OneDrive URL.

Source: GBHackers

Date:

19 September 2024

Categorie(s):

NEWS

Tag(s):

Attacks, Cyber Security News, Files, Microsoft, OS

Vanilla Tempest leverages INC ransomware to target healthcare sector19 September 2024
Tor anonymity compromised by law enforcement. Is it still safe to use?19 September 2024
Iran’s cyber-goons emailed stolen Trump info to Team Biden – which ignored them19 September 2024
UN lays out plans for how AI can best serve humanity19 September 2024
How serverless architecture is reshaping cybersecurity defenses in a new threat landscape19 September 2024