Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads
July 13, 2025, 10:03 a.m.
Description
An unidentified spyware called Batavia has been targeting Russian industrial organizations since July 2024 through a sophisticated phishing operation. The campaign uses bait emails disguised as contract agreements to trick employees into downloading malicious scripts, initiating a multi-stage infection process. The spyware's ultimate goal is to exfiltrate sensitive internal documents and system data. The attack involves multiple stages, including downloading encrypted VBS scripts, executing Delphi-written executables, and deploying C++-based malware for expanded data theft. Batavia employs advanced evasion tactics and persistence mechanisms, making it a significant threat to organizational security. The campaign remains active, with potential for further damage due to its ability to download additional payloads.
Date
- Created: July 9, 2025, 3:05 a.m.
- Published: July 9, 2025, 3:05 a.m.
- Modified: July 13, 2025, 10:03 a.m.
Additional Information
- Manufacturing
- Russian Federation