Initial Access | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos researcher Guilherme Venere said in a Thursday report. The attack chains begin with specially crafted spam emails that claim to originate from financial institutions or cell phone carriers, warning of overdue bills or outstanding payments in order to trick users into clicking on bogus Dropbox links that point to a binary installer for the RMM tool. Two notable RMM tools observed are N-able RMM Remote Access and PDQ Connect , granting attackers the ability to read and write files to the remote file system. In some cases, the threat actors then use the remote capabilities of th...