216.73.217.1

SambaSpy – a new RAT targeting Italian users

· Published 19/09/2024 07:35 · Modified 19/09/2024 08:02

Export JSON

Essential information

Published
19/09/2024 07:35
Modified
19/09/2024 08:02
Tags
2024-09-19 credential stealing java phishing rat sambaspy
Related entities
24 observables, 15 techniques (mitre), 1 malware, 4 others

Description

A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan () dubbed . The infection chain involves emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs multiple checks to ensure only Italian users are infected. is a full-featured developed in with capabilities including file system management, process control, keylogging, webcam control, and . The threat actor behind the campaign appears to speak Brazilian Portuguese and has also targeted Spain and Brazil. The attackers base their distribution on legitimate documents, taking advantage of company brands unrelated to the campaign.

External references