Description
A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed SambaSpy. The infection chain involves phishing emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs multiple checks to ensure only Italian users are infected. SambaSpy is a full-featured RAT developed in Java with capabilities including file system management, process control, keylogging, webcam control, and credential stealing. The threat actor behind the campaign appears to speak Brazilian Portuguese and has also targeted Spain and Brazil. The attackers base their distribution on legitimate documents, taking advantage of company brands unrelated to the campaign.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 19, 2024, 7:35 a.m. | Sept. 19, 2024, 7:35 a.m. | Sept. 19, 2024, 8:02 a.m. |
Indicators
https://moduloj.lamsnajs.site/Modulo32.jpg
Attack Patterns
SambaSpy
T1021.001
T1125
T1115
T1059.007
T1056.001
T1555
T1113
T1057
T1105
T1083
T1071
T1219
T1204
T1027
T1566
Additional Informations
Real Estate
Spain
Italy
Brazil