JasperLoader emerges, targets Germany and Italy with Gootkit banking trojan

Talos Threat Spotlight

Talos Intelligence is tracking a loader known as “JasperLoader,” which has been increasingly active over the past few months and is currently being distributed via malicious spam campaigns primarily targeting central European countries, with a particular focus on Germany and Italy.

JasperLoader employs a multi-stage infection process that features several obfuscation techniques designed to make analysis more difficult. Over the past several months, Talos has seen several spam campaigns using signed emails to infect victims with JasperLoader and, ultimately, the Gootkit banking trojan.

Analyst Comment:

Message signing relies on certificate-based verification to confirm the authenticity of the person sending the email, since only someone with access to the corresponding private key should be able to produce a valid signature. Message signing is not the same as message encryption: it validates the identity of the message sender and does nothing to guarantee the confidentiality of the message itself.

Talos has identified several malicious campaigns using this type of message signing to lend credibility to their messages and maximise the likelihood that potential victims will open the malicious attachments. The attached report analyses the recent campaign targeting Germany.
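The practical consequence of the analyst comment is that a mail gateway or triage script must not treat "signed" as "safe": a valid signature only tells you which key signed the message. The Python helper below is an added example (not code from Talos or from the report); it parses a constructed S/MIME-signed message with the standard library, lists the real attachments while skipping the detached signature part, flags loader-style attachment types, and compares the signer identity reported by an upstream verifier (an assumed input, since the helper performs no cryptographic verification itself) against the From address. The extension list and the sample message are constructed for illustration.

```python
"""Triage a signed e-mail: a valid signature identifies the signing key,
it says nothing about whether the attachment is safe. Stdlib only; the
sample message, extension list and verified_signer input are constructed."""
from typing import Optional
from email import policy
from email.parser import BytesParser

# Attachment extensions commonly used as first-stage loaders (constructed list).
RISKY_EXTENSIONS = {".vbs", ".js", ".jse", ".wsf", ".ps1", ".exe", ".scr",
                    ".docm", ".xlsm", ".lnk", ".zip", ".iso"}

# MIME types of detached signature parts; these are not message content.
SIGNATURE_TYPES = {"application/pkcs7-signature",
                   "application/x-pkcs7-signature",
                   "application/pgp-signature"}

# Constructed sample: an S/MIME-signed message carrying a script attachment.
SAMPLE_SIGNED_MAIL = b"""\
From: "Rechnung" <rechnung@sender.example>
To: victim@recipient.example
Subject: Ihre Rechnung
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="sig-boundary"

--sig-boundary
Content-Type: multipart/mixed; boundary="body-boundary"

--body-boundary
Content-Type: text/plain; charset="utf-8"

Bitte finden Sie die Rechnung im Anhang.
--body-boundary
Content-Type: application/octet-stream; name="Rechnung.vbs"
Content-Disposition: attachment; filename="Rechnung.vbs"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
--body-boundary--
--sig-boundary
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXIgc2lnbmF0dXJlIGJsb2I=
--sig-boundary--
"""


def _extension(filename: str) -> str:
    """Lower-cased final extension of a filename, or '' when it has none."""
    return "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def assess_signed_message(raw: bytes, verified_signer: Optional[str] = None) -> dict:
    """Return a triage record for one message.

    verified_signer is the e-mail address bound to the signing certificate as
    reported by whatever gateway did the cryptographic check (assumed input;
    this function does not verify the signature itself).
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    signed = msg.get_content_type() == "multipart/signed"
    protocol = msg.get_param("protocol") if signed else None
    sender = msg["From"].addresses[0].addr_spec if msg["From"] else None

    attachments = []
    for part in msg.walk():
        if part.get_content_type() in SIGNATURE_TYPES:
            continue  # the detached signature blob is not an attachment
        filename = part.get_filename()
        if filename:
            attachments.append({
                "filename": filename,
                "content_type": part.get_content_type(),
                "risky": _extension(filename) in RISKY_EXTENSIONS,
            })

    reasons = []
    risky_names = [a["filename"] for a in attachments if a["risky"]]
    if risky_names:
        # A signature never downgrades this: identity proof is not content safety.
        reasons.append("risky attachment(s): " + ", ".join(risky_names))
    if signed and verified_signer and sender and verified_signer.lower() != sender.lower():
        reasons.append(f"signer {verified_signer} does not match From {sender}")

    return {
        "signed": signed,
        "signature_protocol": protocol,
        "from": sender,
        "attachments": attachments,
        "verdict": "quarantine" if reasons else "deliver",
        "reasons": reasons,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess_signed_message(SAMPLE_SIGNED_MAIL,
                                           verified_signer="rechnung@sender.example"),
                     indent=2))
```

Run against the sample, the record shows a correctly signed message whose signer matches the From address and still gets a quarantine verdict because of the `.vbs` attachment, which is exactly the case the campaigns above rely on. The signer-mismatch check covers the other direction: a signature that verifies under a certificate whose e-mail address differs from the displayed sender proves possession of some key, not the identity the recipient sees.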

With thanks to the Cyber Defence Alliance and Talos. The full report is here:

