SambaSpy is a newly discovered Remote Access Trojan (RAT) specifically aimed at Italian users, utilizing sophisticated infection chains through emails disguised as invoices from Italian real estate companies. The malware, developed in Java, known for stealing browser credentials and enabling remote desktop control, exhibits advanced obfuscation techniques to evade detection. The campaign involves multiple stages, including downloader and dropper functionality, with the attackers showing indications of speaking Brazilian Portuguese and targeting users not only in Italy but also in Spain and Brazil
The attackers leverage language-specific checks and legitimate documents to distribute the malware, illustrating the evolving tactics in cybercriminal activities. Despite various connections to Brazil, the threat actors remain unidentified, showcasing the challenge of attribution and the importance of continuous monitoring and analysis in cybersecurity efforts. ```https://securelist.com/sambaspy-rat-targets-italian-users/113851/