SambaSpy – a new RAT targeting Italian users

SUMMARY :

A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed SambaSpy. The infection chain involves phishing emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs multiple checks to ensure only Italian users are infected. SambaSpy is a full-featured RAT developed in Java with capabilities including file system management, process control, keylogging, webcam control, and credential stealing. The threat actor behind the campaign appears to speak Brazilian Portuguese and has also targeted Spain and Brazil. The attackers base their distribution on legitimate documents, taking advantage of company brands unrelated to the campaign.

OPENCTI LABELS :

rat,phishing,java,credential stealing,sambaspy


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


SambaSpy – a new RAT targeting Italian users