Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

From bleepingcomputer.com

Europeans Hit with Multi-Stage Malware Loader via Signed Malspam

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months.

This loader is the third one detected by Cisco Talos’ research team since July 2018, with Smoke Loader(aka Dofoil) being employed by threat actors to drop ransomware or cryptocurrency miner payloads last year, while Brushaloader was identified during early 2019 and seen while making use of Living-of-the-Land (LotL) tools such as PowerShell scripts to remain undetected on compromised systems.

Read more…