In August 2019, Wapack Labs observed a significant uptick in malicious emails delivering a malware identified as Cryxos. The observed malware is currently being delivered to users in Brazil, however thousands of related specimens were observed on Virus Total indicating a widespread campaign affecting multiple countries. This report provides technical details on the first stage and second stage components of this malware campaign as well as the associated infrastructure, and malware attribution.
Comments