ESET announces the detection of a wave of spam targeting European countries, including Poland, Ukraine, Spain, Serbia, and Bulgaria. In the second half of 2023, the attackers used the Rescoms remote access trojan and the AceCryptor malware tool.
The purpose of this malicious activity is to steal credentials stored in browsers or email clients to carry out further attacks, including those using currently popular ransomware.
“AceCryptor targeted several European countries to obtain information or access to the networks of several companies. The malware in these attacks was distributed in spam emails, which in some cases were quite convincing, sometimes spamming from previously compromised email accounts,” said Jakub Kaloc, ESET researcher.
The detected AceCryptor samples often contained two families of malware, including Rescoms and SmokeLoader components. The latter led to a wave of distribution in Ukraine, while in Poland, Bulgaria, and Serbia the increased activity was caused by AceCryptor containing Rescoms as the final component.
All of the spam attacks targeted businesses in Poland, as well as Slovakia, Bulgaria, and Serbia, and had quite similar themes, including offers of cooperation for companies. Only the language of the spam messages varied, according to the country.
To make the emails look as realistic as possible, the attackers used the names of existing companies, as well as the names and contact information of real employees in the email signatures. This way, if the victim searched for the sender on Google, they would find the sender, suspect nothing malicious, and probably open the malicious attachment.
Since spam emails were the distribution vector for the malware, ESET experts recommend that users be especially careful not to open suspicious attachments or emails from unknown senders.
It is also worth noting that in each of these countries, ESET products prevented a greater number of attacks. That is why it is important to use security solutions to reliably protect your corporate network and detect any malicious activity in a timely manner. For example, ESET PROTECT Elite provides powerful cybersecurity for organizations, threat prevention, detection, and rapid response (XDR).