Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware
2024-07-30 11:06

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously compromised email accounts and company servers, not only to spread malicious emails but also to host malware and collect stolen data," ESET researcher Jakub Kaloč said in a report published today.

These campaigns, spread across nine waves, are notable for the use of a malware loader called DBatLoader to deliver the final payloads.

This, the Slovakian cybersecurity company said, marks a departure from previous attacks observed in the second half of 2023 that leveraged a cryptor-as-a-service offering dubbed AceCryptor to propagate Remcos RAT. "During the second half of , Rescoms became the most prevalent malware family packed by AceCryptor," ESET noted in March 2024.

A Delphi-based downloader, DBatLoader is primarily designed to download and launch the next stage malware from either Microsoft OneDrive or compromised servers belonging to legitimate companies.

Regardless of what malware is deployed, Agent Tesla, Formbook, and Remcos RAT come with capabilities to siphon sensitive information, allowing the threat actors to "prepare the ground for their next campaigns."

"Trojan attacks remain the most common cyberthreat, which indicates that attackers continue to target SMBs and favor malware over unwanted software," the Russian security vendor said last month.


News URL

https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html
