TLDR:
Key Points:
- New SambaSpy malware targets Italian users through phishing emails
- The malware is a multi-functional RAT payload that can steal credentials and perform various malicious activities
Summary:
A new malware named SambaSpy has been discovered targeting Italian users through phishing emails. This Brazilian-linked malware is distributed via HTML attachments or embedded links in phishing emails. Once opened, the attachment deploys a RAT payload that can perform various malicious activities, including file system management, keylogging, and stealing credentials from web browsers. The threat actor behind the campaign is suspected to expand to other countries such as Brazil and Spain. Additionally, recent campaigns delivering banking trojans targeting Latin American users have been detected, highlighting the need for enhanced cybersecurity measures. The trojans mentioned in these campaigns, BBTok and Mekotio, use sophisticated techniques to evade detection and steal sensitive information from victims.