SambaSpy Malware: Italian Users Under Attack
Cybersecurity experts from Kaspersky Lab have uncovered new malware called SambaSpy, posing a significant threat to users in Italy. This Remote Access Trojan (RAT) enables hackers to gain full control over victims’ devices.
Through SambaSpy, attackers can manipulate files, upload and download data, capture screenshots, control webcams, steal passwords, and log keystrokes. SambaSpy has proven difficult to detect because it is protected with obfuscation tools like Zelix KlassMaster, which complicates its identification and analysis. Nevertheless, experts have successfully uncovered its functionality and methods of dissemination.
This malicious campaign targets Italian users exclusively, which is unusual, as cybercriminals typically aim for broader audiences. It is likely that this is a test of new methods before launching a more extensive attack on users in other countries. Researchers have already noted that hackers are expanding their operations to Spain and Brazil.
The Trojan spreads through phishing emails disguised as communications from real estate agencies. Users are prompted to open an account by clicking a link that redirects them to a malicious website. If the operating system is set to Italian and the user is browsing with Edge, Firefox, or Chrome, an infected PDF file is downloaded, which installs the Trojan. In other cases, users are redirected to the legitimate FattureInCloud website.
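The language and browser gating described above leaves a trace defenders can hunt for in web proxy logs: the same URL hands a PDF to one client profile and redirects everyone else to an unrelated site. The following is an added example, not code from Kaspersky's research; it assumes the proxy records the Accept-Language header (used here as a stand-in for the OS language check), and the record layout and `.example` hostnames are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records (not campaign data):
# (url, Accept-Language, browser family, status, content type, Location)
SAMPLE_LOG = [
    ("http://link.example/doc", "it-IT,it;q=0.9", "chrome", 200, "application/pdf", None),
    ("http://link.example/doc", "en-US,en;q=0.8", "chrome", 302, "", "https://legit-invoicing.example/"),
    ("http://link.example/doc", "it-IT", "safari", 302, "", "https://legit-invoicing.example/"),
    ("http://docs.example/manual", "it-IT", "firefox", 200, "application/pdf", None),
    ("http://docs.example/manual", "de-DE", "firefox", 200, "application/pdf", None),
    ("http://short.example/x", "it-IT", "edge", 302, "", "https://news.example/"),
    ("http://short.example/x", "fr-FR", "edge", 302, "", "https://news.example/"),
]
GATED_BROWSERS = {"edge", "firefox", "chrome"}  # browsers named in the article
REDIRECTS = {301, 302, 303, 307, 308}

def primary_lang(accept_language):
    """First language tag of an Accept-Language value, e.g. 'it-IT,it;q=0.9' -> 'it'."""
    first = accept_language.split(",")[0].split(";")[0]
    return first.split("-")[0].strip().lower()

def find_gated_urls(records, lang="it"):
    """Map each URL that gave a PDF to the gated profile but sent other
    clients off-site to the sorted list of hosts those clients were sent to."""
    by_url = defaultdict(list)
    for rec in records:
        by_url[rec[0]].append(rec)
    findings = {}
    for url, hits in by_url.items():
        pdf_served, decoys = False, set()
        for _, al, browser, status, ctype, location in hits:
            gated = primary_lang(al) == lang and browser in GATED_BROWSERS
            if gated and status == 200 and ctype == "application/pdf":
                pdf_served = True
            elif not gated and status in REDIRECTS and location:
                target = urlsplit(location).hostname
                if target != urlsplit(url).hostname:
                    decoys.add(target)
        if pdf_served and decoys:
            findings[url] = sorted(decoys)
    return findings

if __name__ == "__main__":
    for url, hosts in find_gated_urls(SAMPLE_LOG).items():
        print(f"differential delivery: {url} -> decoy redirect(s) {hosts}")
```

A URL that serves the same PDF to every client, or redirects every client, is not flagged; only the split behaviour is.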
Investigators have not yet identified the hacking group behind this Trojan, but it is suspected that the attackers are Portuguese speakers from Brazil. Experts have discovered similar malicious domains, indicating the onset of attacks in other countries.
The key takeaway from this incident is that such attacks can occur in any country and under any pretext. The Trojan can be concealed behind various phishing schemes, from invoices to tax authority notices or airline tickets.
To protect against SambaSpy, cybersecurity experts recommend installing robust antivirus solutions and exercising caution when receiving suspicious emails.