Researchers at Cybaze-Yoroi ZLab identified an espionage campaign targeting the automotive industry in Italy.
The malware used in this campaign was distributed via a phishing email. It attempts to entice a victim into believing it is legitimate, suggesting that it is from a senior partner at the Brazilian law firm “Veirano Advogados”. The actual malware is disguised as a Microsoft Power Point presentation that contains auto-open VBA macro code. Once initiated, it will download and execute the next stage of the dropper, then ultimately RevengeRAT. For full technical details, refer to Yoroi’s article.
Indicators of Compromise
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.