Topic: Be careful, SambaSpy Malware (Read 97 times)
A nice find op but as many forum members who gave their advice that we should be very careful on clicking links especially when you receive an email. This is what many people do and become a victim of clipboard malware and it's not just malware that we should be careful of but also phishing sites that looks like the original except the domain name is different from the original and the domain may also look like the same as the original or the legit site. Anyway, the target is specific which is italy but other countries might also get targetted so it's better to spread this for awareness.
So many malware topics created this week and I think it is getting scary to think that there are people who are already falling victims to this because of a lack of knowledge about basic cyber security measures. At this point I think everyone should make it a responsibility to learn the basics of cyber security or get trained on it.
There is no trading needed against this malware if you can read and learn about it yourself online. There are many online articles that the person can read from to learn about malware and ways to avoid it on devices.The reality is that no one is immuned from this, today it may malware targeted at folks in South America tomorrow it could be folks in the Caribbeans. Be aware and take your security online personal.
If you have the knowledge about how malware works and how to avoid them, you can be immune to it. Example are cold storages like airgapped devices which are immune to malware. Some people can go for multisig wallets on cold storage which offer more security and immunity against malware. Most people that are their devices are affected are careless about malware until the realize they have to learn about it. 
I am very certain that I have hundreds of malicious mails sent to my email but I've never open one talkless of opening the messages and downloading the zip file, isn't that stupidity? I also believe that this is wired to work on computers since it needs to inject the RAT payload, this is not possible on a smartphone, I could be wrong but I still believe that using your smartphone for the crypto hot wallet is safer than using a PC.
It seems that malware attacks are increasing faster this days, I can't even remember how many topics like this one that I've read on this forum since the past few weeks now, I feel sorry for beginners that don't have any experience about all these.
I only do video editing and gaming on my PC, every crypto assets I own are in my hardware wallet, for me it is a byebye to this type of attacks online, I won't stop telling people that hardware wallet is very important, it is because of things like this.
It seems that malware attacks are increasing faster this days, I can't even remember how many topics like this one that I've read on this forum since the past few weeks now, I feel sorry for beginners that don't have any experience about all these.
I only do video editing and gaming on my PC, every crypto assets I own are in my hardware wallet, for me it is a byebye to this type of attacks online, I won't stop telling people that hardware wallet is very important, it is because of things like this.
If it has a specified target location, such information doesn't exempt crypto users from other parts of the world to learn about such attack. From what you've just shared, this attack seems to be done via email, since its more of a direct way of communicating with someone, and In most cases, it raises our curiosity to knowing who actually sent the mail and what the main truly contains, thereby leading us to clicking. I have received few mails that contains a download links, but quite informed enough to blocking them.
As far as I know, this criminals in the beginning will target a specified location before venturing out on other. As if they are testing if their new malware are going to be effective, and if it is, then obviously they will make a revision to target other countries as well.
Some we received are going into our spam, but there are others that can really go into our inbox and will not be filtered by our email services. So that's where the dangers lie in, we shouldn't click any specially if the source is unknown to us.
Anyway, thanks again to the OP for this warning.
If it has a specified target location, such information doesn't exempt crypto users from other parts of the world to learn about such attack. From what you've just shared, this attack seems to be done via email, since its more of a direct way of communicating with someone, and In most cases, it raises our curiosity to knowing who actually sent the mail and what the main truly contains, thereby leading us to clicking. I have received few mails that contains a download links, but quite informed enough to blocking them.
I also think phishing attacks(but not sure of Samba py malware), can be performed through SMS, which comes in the form of fake messages, but contains malicious links/attachment. These attackers are very much up to date, which gives them different ideas in developing various techniques to implement their phishing attacks. Op, thanks for sharing this information. Though we can't do anything to stop phishing attacks in our society, but we can at least remind ourselves that they still exist.
I also think phishing attacks(but not sure of Samba py malware), can be performed through SMS, which comes in the form of fake messages, but contains malicious links/attachment. These attackers are very much up to date, which gives them different ideas in developing various techniques to implement their phishing attacks. Op, thanks for sharing this information. Though we can't do anything to stop phishing attacks in our society, but we can at least remind ourselves that they still exist.
It's quite not different from others that has been spreading across all media platforms, the basic thing is that crypto related stuffs should be handled with so much care. since transactions signed and received by the wrong recipient can't be reversed or rescued in some case it's left for us to examine what ever address we are depositing into very well before confirming the transaction.
Whatever that has to do with our data let's keep them very close and offline where it can't get to the wrongs hands. Privacy is our biggest success.
Whatever that has to do with our data let's keep them very close and offline where it can't get to the wrongs hands. Privacy is our biggest success.
Nice information OP. I think yesterday evening while I was just watching a couple of random videos online I came across a video with a particular guy talking about something very related to this malwares that are capable of carrying out some sort of pre programed key strokes. well my point is we have to be very careful with our computers especially those that have things like our private data, and things relating to our funds possibly crypto hodlings.
I was I little surprised. Anyways the fact remains both online and offline our data can still be very vulnerable and it's up to us to stay vigilant at all times and make sure we are up-to-date when it comes to things regarding our security. And privacy. The fact is it's still possible to be aware of these malwares and still fall for it because of the slightest carelessness.
I was I little surprised. Anyways the fact remains both online and offline our data can still be very vulnerable and it's up to us to stay vigilant at all times and make sure we are up-to-date when it comes to things regarding our security. And privacy. The fact is it's still possible to be aware of these malwares and still fall for it because of the slightest carelessness.
So many malware topics created this week and I think it is getting scary to think that there are people who are already falling victims to this because of a lack of knowledge about basic cyber security measures. At this point I think everyone should make it a responsibility to learn the basics of cyber security or get trained on it. The reality is that no one is immuned from this, today it may malware targeted at folks in South America tomorrow it could be folks in the Caribbeans. Be aware and take your security online personal.
A new clipboard malware has emerge and exclusively targeting Italy via phishing campaign. Below is the infection chain,
Infection chain:
The email usually comes a German email address that really looks legit. And then it has a attached invoice embedded in link. And once you click it, it will redirect you to a malicious website.
And once the Zip archive is opened, it will download and then deploy a dropper, a multi functional RAT payload. And it's functionalities includes the following:
So it's has capabilities that is very dangerous to crypto enthusiast, as it could be a clipper malware and then steal our password as well, so not just in crypto but like in banking apps that we have in our system.
Take note that right now, it targets Italy, but the code of the malware itself is Brazilian or Portuguese speaking so this might evolved later to target Lat-Am.
https://securelist.com/sambaspy-rat-targets-italian-users/113851/
Infection chain:
The email usually comes a German email address that really looks legit. And then it has a attached invoice embedded in link. And once you click it, it will redirect you to a malicious website.
And once the Zip archive is opened, it will download and then deploy a dropper, a multi functional RAT payload. And it's functionalities includes the following:
So it's has capabilities that is very dangerous to crypto enthusiast, as it could be a clipper malware and then steal our password as well, so not just in crypto but like in banking apps that we have in our system.
Take note that right now, it targets Italy, but the code of the malware itself is Brazilian or Portuguese speaking so this might evolved later to target Lat-Am.
https://securelist.com/sambaspy-rat-targets-italian-users/113851/
Jump to: