Cybersecurity specialists from F.A.C.C.T. have discovered a new threat: email campaigns from an attacker who has been given the code name FakeTicketer. He sends victims unique malware: a stealer, a remote access Trojan (RAT), and a dropper with the ability to steal data from browsers. This family of malicious files has been named Zagrebator.
Emails from FakeTicketer contain an archive attachment whose name duplicates the subject of the email. The attached archive contains an executable file with a similar name tied to the cover story of the attack. As a lure document, FakeTicketer used fake tickets to sporting events: for example, to matches of the Russian football premier league and to kayak and canoe rowing competitions.
The attacker uses self-written malware, which allows him to be more stealthy and bypass certain detection systems while the attack chain runs on the infected system. Based on the functionality of the malware, we believe that the motivation of the FakeTicketer attacker is espionage. Based on the discovered decoy files, we believe that his attacks are aimed, among other things, at the public sector.
In the fall and early winter, FakeTicketer began to use official documents as bait. In October, it was a scan of a school certificate; in December, regulatory acts of the administration of the city of Simferopol. Cybersecurity experts see Russian sports functionaries and officials of various levels as likely targets of the attacker.
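The delivery pattern described above (an archive named after the email subject, holding an executable with a similar name) can be checked on a mail gateway. The sketch below is an added example, not F.A.C.C.T.'s detection logic; the ZIP format, the extension list, the similarity threshold and all sample names are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile
from difflib import SequenceMatcher
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed executable extensions
THRESHOLD = 0.8                               # assumed similarity cut-off

def norm(text):
    """Lower-case and keep only letters and digits: 'A_b c' becomes 'abc'."""
    return re.sub(r"[\W_]+", "", str(text).lower())

def stem(filename):
    """File name without its directory and last extension."""
    return posixpath.splitext(posixpath.basename(filename))[0]

def similar(a, b):
    return bool(a and b) and SequenceMatcher(None, a, b).ratio() >= THRESHOLD

def check_message(msg):
    """Return (archive, member) pairs matching the lure pattern. Only ZIP is opened here."""
    subject = norm(msg.get("Subject", ""))
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)) or not similar(subject, norm(stem(fname))):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(EXEC_EXT) and similar(subject, norm(stem(member))):
                    findings.append((fname, member))
    return findings

def build_sample(subject, archive_name, member_name):
    """Constructed test message: one ZIP attachment holding one placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=archive_name)
    return msg

if __name__ == "__main__":
    print(check_message(build_sample("Tickets RPL match", "Tickets RPL match.zip", "Ticket_RPL_match.exe")))
```

A match is a triage signal rather than a verdict: legitimate senders also name attachments after the subject, so findings should feed sandboxing or analyst review.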