SambaSpy – a new RAT targeting Italian users
Sept. 19, 2024, 8:02 a.m.
Description
A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed SambaSpy. The infection chain involves phishing emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs multiple checks to ensure only Italian users are infected. SambaSpy is a full-featured RAT developed in Java with capabilities including file system management, process control, keylogging, webcam control, and credential stealing. The threat actor behind the campaign appears to speak Brazilian Portuguese and has also targeted Spain and Brazil. The attackers base their distribution on legitimate documents, taking advantage of company brands unrelated to the campaign.
Date
- Created: Sept. 19, 2024, 7:35 a.m.
- Published: Sept. 19, 2024, 7:35 a.m.
- Modified: Sept. 19, 2024, 8:02 a.m.
Indicators
Attack Patterns
- SambaSpy
- T1021.001
- T1125
- T1115
- T1059.007
- T1056.001
- T1555
- T1113
- T1057
- T1105
- T1083
- T1071
- T1219
- T1204
- T1027
- T1566
Additional Information
- Real Estate
- Spain
- Italy
- Brazil