Cisco Talos has recently discovered an attack campaign utilizing a new Masslogger variant. The new Masslogger variant is designed to retrieve and exfiltrate user credentials from multiple sources, such as Google Chrome, Microsoft Outlook, and instant messengers.
In this campaign, the cybercriminals have been actively targeting Windows systems and users in Turkey, Italy, and Latvia, since at least mid-January.
The threat actors behind the latest Masslogger campaign have utilized a multi-modular approach in their campaigns so far. All of their campaigns observed so far have started with a phishing email and carried them through to the final payload. Also, apart from the initial mail attachments, all stages of the attacks are fileless.
To Read More: Cyware
