Malware, Phishing

New SambaSpy malware spread in phishing campaign

Privacy concept: pixelated words Malware on digital background, 3d render

Italy has been targeted with the novel SambaSpy remote access trojan as part of a new phishing campaign by a suspected Brazilian Portuguese-speaking threat actor, reports The Hacker News.

Attacks commenced with the distribution of phishing emails with an HTML attachment or malicious link, which would trigger the deployment of the Java-based RAT, which enables not only file system, process, and remote desktop management, but also file uploads or downloads, keylogging, screenshot capturing, and webcam takeovers, according to an analysis from Kaspersky. Aside from allowing additional plugin loading at runtime, SambaSpy also facilitates browser credential theft activities, said Kaspersky researchers. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country. It's likely that the attackers are testing the waters with Italian users before expanding their operation to other countries," researchers added. Such findings follow a Trend Micro report detailing increasingly prevalent phishing campaigns involving the Mekotio, Grandoreiro, and BBTok banking trojans against Latin America.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds