Researchers at Kaspersky have discovered a newly surfaced remote access Trojan (RAT) called “SambaSpy” that is packed with features for spying on victims and stealing data. Thought to be Brazilian in origin, SambaSpy is a versatile malware that can perform various functions, including downloading and uploading files, managing the file system and processes, loading additional plugins, and taking complete remote control of a compromised system.
The RAT can also take screenshots, steal passwords, control webcams, and log keystrokes. Its creators have made it hard to detect and analyze by obfuscating it with Zelix KlassMaster, a legitimate Java obfuscation tool.
Kaspersky first spotted SambaSpy in May, targeting victims in Italy. However, recent evidence suggests the attackers may be expanding their operation to other countries, including Spain and Brazil.
SambaSpy is primarily distributed via phishing emails spoofed to appear to come from a real estate company. Users who click on the call-to-action in the email are redirected to a website that checks the victim’s operating system language and browser. If the OS language is Italian and the browser is Edge, Chrome, or Firefox, the malicious site serves a malicious PDF file containing either a dropper or a downloader.
The malware also checks whether it is running on a virtual machine before installing itself. Interestingly, if the OS language is not Italian, the malicious website redirects the potential victim to a legitimate website for online invoices.
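The locale- and browser-gated delivery described above is a form of cloaking, and the standard analyst response is to request the suspect URL under several Accept-Language and User-Agent combinations and compare what comes back. The following is an added example written for this summary, not code from Kaspersky, Dark Reading, or the SambaSpy campaign. The `fetch` callable, the User-Agent strings, the locale list, and the `simulated_fetch` stand-in (which mimics the gating the article describes so the probe can run offline) are all assumptions constructed for the example; a real triage script would plug in an HTTP client in place of `simulated_fetch`.

```python
"""Probe a landing page for locale/browser cloaking (added example, not the
campaign's or the researchers' code). Assumption: `fetch` returns the final
response after redirects; the sample strings below are constructed."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Callable

# Hypothetical User-Agent strings: one per browser family the article names,
# plus an unlisted client so browser gating can be told apart from locale gating.
UA_PROFILES = {
    "chrome": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/128.0",
    "firefox": "Mozilla/5.0 (Windows NT 10.0; rv:130.0) Gecko/20100101 Firefox/130.0",
    "edge": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/128.0 Edg/128.0",
    "other": "curl/8.0",
}
LOCALES = ["it-IT", "en-US", "es-ES"]
PAYLOAD_TYPES = {"application/pdf", "application/octet-stream"}


@dataclass(frozen=True)
class Response:
    status: int
    content_type: str
    location: str  # final URL after any redirects
    body: bytes


# (url, accept_language, user_agent) -> Response
Fetch = Callable[[str, str, str], Response]


def fingerprint(r: Response) -> tuple[int, str, str, str]:
    """Reduce a response to the fields that expose cloaking: status, final URL,
    content type and a short body hash (bodies can be large)."""
    return (r.status, r.location, r.content_type,
            hashlib.sha256(r.body).hexdigest()[:16])


def probe(url: str, fetch: Fetch) -> dict[tuple[str, str], tuple]:
    """Fetch `url` once per (locale, browser) pair and return the fingerprints."""
    return {
        (loc, name): fingerprint(fetch(url, loc, ua))
        for loc in LOCALES
        for name, ua in UA_PROFILES.items()
    }


def assess(results: dict[tuple[str, str], tuple]) -> dict:
    """Report whether content varies with locale (browser held fixed), with
    browser (locale held fixed), and which pairs received a download payload."""
    gated_by_locale = any(
        len({results[(loc, name)] for loc in LOCALES}) > 1 for name in UA_PROFILES
    )
    gated_by_browser = any(
        len({results[(loc, name)] for name in UA_PROFILES}) > 1 for loc in LOCALES
    )
    payload_served_to = sorted(
        key for key, fp in results.items() if fp[2] in PAYLOAD_TYPES
    )
    suspicious = bool(payload_served_to) and (gated_by_locale or gated_by_browser)
    return {
        "gated_by_locale": gated_by_locale,
        "gated_by_browser": gated_by_browser,
        "payload_served_to": payload_served_to,
        "verdict": "suspicious: gated download" if suspicious else "no gating observed",
    }


def simulated_fetch(url: str, accept_language: str, user_agent: str) -> Response:
    """Constructed stand-in for an HTTP client that behaves like the landing page
    the article describes: Italian locale + Chrome/Firefox/Edge gets a PDF,
    everything else is sent to a legitimate-looking invoice portal."""
    italian = accept_language.lower().startswith("it")
    gated_browser = any(tag in user_agent for tag in ("Chrome/", "Firefox/", "Edg/"))
    if italian and gated_browser:
        return Response(200, "application/pdf", url, b"%PDF-1.7 constructed sample")
    return Response(200, "text/html", "https://invoices.example/",
                    b"<html>constructed invoice portal</html>")


if __name__ == "__main__":
    report = assess(probe("https://landing.example/", simulated_fetch))
    print(report["verdict"])
    for key in report["payload_served_to"]:
        print("payload served to", key)
```

Holding one dimension fixed while varying the other is what lets the report say whether the page keys on locale, on browser, or both; a single diff of two requests would conflate them. Sandboxes that render only with an English locale and a default browser string would see the invoice portal and nothing else, which is why a probe like this belongs in the detonation workflow for suspected phishing links.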
While using email as an initial access vector may seem low-tech, it remains one of the most effective methods. A Trend Micro study found that 73.8 billion threats in 2023 used email as the initial access vector.
Kaspersky warns that attackers will continue to use generative AI tools to craft phishing lures that will be harder to spot. The company notes that the attackers do not care who they hit, nor are the particulars of the phishing bait important.
Source: https://www.darkreading.com/cyberattacks-data-breaches/sambaspy-rat-packs-hefty-punch