From gbhackers.com
Security researchers tracked a new malware loader JasperLoader, which has been active for the last few months and distributed through digitally signed emails.
The campaign primarily targets European countries, it employs a multi-stage infection process with a number of obfuscation techniques, which make the analysis process more complicated.
“Over the past several months, we’ve seen several spam campaigns with signed emails attempting to infect victims with JasperLoader and ultimately the Gootkit banking trojan”, reads Talos blog post.
Talos observed multiple campaigns that distribute JasperLoader and each campaign facilitate with unique email templates and download configurations, based on the languages and countries.