Italy has been targeted with the novel SambaSpy remote access trojan as part of a new phishing campaign by a suspected Brazilian Portuguese-speaking threat actor, reports The Hacker News.
According to an analysis from Kaspersky, attacks commenced with phishing emails carrying an HTML attachment or malicious link that triggered deployment of the Java-based RAT. The malware enables not only file system, process, and remote desktop management, but also file uploads or downloads, keylogging, screenshot capturing, and webcam takeovers. Aside from allowing additional plugin loading at runtime, SambaSpy also facilitates browser credential theft, said Kaspersky researchers. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country. It's likely that the attackers are testing the waters with Italian users before expanding their operation to other countries," researchers added. These findings follow a Trend Micro report detailing increasingly prevalent phishing campaigns involving the Mekotio, Grandoreiro, and BBTok banking trojans against Latin America.