Malware Attack

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems.

"The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report.

Details of the campaign were first disclosed by Milan-based IT services firm last month.


The multi-stage infection sequence commences with an invoice-themed phishing email containing a link that, when clicked, downloads a password-protected ZIP archive file, which harbors two files: A shortcut (.LNK) file and a batch (.BAT) file.

Malware Attack

Irrespective of which file is launched, the attack chain remains the same, as opening the shortcut file fetches the same batch script designed to install the information stealer payload from a GitHub repository. This is achieved by leveraging a legitimate PowerShell binary that's also retrieved from GitHub.

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Once installed, the C#-based malware gathers system metadata, and information from dozens of web browsers (e.g., cookies, bookmarks, credit cards, downloads, and credentials), as well as several cryptocurrency wallets, all of which is transmitted to an actor-controlled domain.

To mitigate such attacks, organizations are recommended to implement "tight security controls and multi-layered visibility and security solutions to identify and detect malware."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.