SambaSpy preys on Italians: Trojan steals data and peeps through webcam peephole

A sophisticated method of disguise makes the new malware almost invisible.

Cybersecurity experts from Kaspersky Lab have discovered a new piece of malware called SambaSpy that poses a threat to users in Italy. This Remote Access Trojan (RAT) is used by hackers to take full control of victims' devices.

With SambaSpy, attackers can manage files, upload and download data, take screenshots, monitor webcams, steal passwords, and log keystrokes. SambaSpy has proven difficult to detect and analyze because it is protected with obfuscation tools such as Zelix KlassMaster. However, experts were still able to reveal its functionality and distribution methods.

The malware campaign in question targets Italian users exclusively, which is unusual, since attackers usually choose broader targets. Most likely, the attackers are testing new methods before a larger-scale attack on users in other countries. Researchers already know that the hackers have begun to expand their activity to Spain and Brazil.

The Trojan spreads through phishing emails disguised as communications from a real estate agency. Users are invited to open an account by clicking on a link that redirects to a malicious site. If the operating system language is set to Italian and the browser is Edge, Firefox or Chrome, an infected PDF file is downloaded that installs the Trojan. In all other cases, users are redirected to the legitimate FattureInCloud site.

Researchers have not yet figured out which hacking group is behind this Trojan, but it is assumed that the hackers speak Brazilian Portuguese. Experts have found similar malicious domains, indicating the beginning of attacks in other countries.

The main lesson from this incident is that such attacks can happen in any country and under any pretext. A Trojan can be hidden behind a variety of phishing tricks, from invoices to notifications from tax authorities or flight tickets.

To protect against SambaSpy, security experts recommend installing reliable antivirus solutions and being careful when receiving suspicious emails.
