From bleepingcomputer.com
Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months.
This loader is the third one detected by Cisco Talos’ research team since July 2018, with Smoke Loader(aka Dofoil) being employed by threat actors to drop ransomware or cryptocurrency miner payloads last year, while Brushaloader was identified during early 2019 and seen while making use of Living-of-the-Land (LotL) tools such as PowerShell scripts to remain undetected on compromised systems.