Cybersecurity specialists from F.A.C.C.T. have discovered a new threat: email distributions from an attacker who has been given the code name FakeTicketer. He sends victims unique malware: a stealer, a remote access Trojan (RAT), and a dropper with the ability to steal data from browsers. This family of malicious files has been named Zagrebator.
Emails from FakeTicketer contain an attachment in the form of an archive, the name of which duplicates the subject of the email. The attached archive contains an executable file with a similar name related to the legend of the attack. As a lure document, FakeTicketer used fake tickets to sporting events: for example, to matches of the Russian football premier league, competitions in water rowing on kayaks and canoes.
The attacker uses self-written malware, which allows him to be more stealthy and bypass certain detection systems during the exploitation of the attack chain on the infected system. Based on the functionality of the malware, we believe that the motivation of the FakeTicketer attacker is espionage. Based on the discovered decoy files, we believe that his attacks are aimed, among other things, at the public sector.
In the fall and early winter, FakeTicketer began to use official documents as bait. In October, it was a scan of a school certificate, in December - regulatory acts of the administration of the city of Simferopol. Cybersecurity experts see Russian sports functionaries and officials of various levels as likely targets of the attacker.
Read materials on the topic:
Infected network equipment at nodal stations could have caused the Runet failure
Fraudulent networks: almost 40% of cybercrimes in Russia are committed using IT technologies
Now on home
Start of deliveries scheduled for 2027
Over 51,000 new motorcycles were sold in Russia in 2025
The car will take at least a year to assemble
The application's audience has reached 20 million users
The model will be included in the list of cars for taxis, price - from 2.25 million rubles
All parking lots of the "Administrator of the Moscow Parking Space" are connected to the service
The cars will be supplied to the Moscow Transport Service Directorate
Deliveries to India may begin in 2028
The technology provides automated search for all types of defects in power units
The plane flew 500 km, accelerating to 425 km/h
The plant stated that the information about the termination of purchases for models 6 and 8 is not true
Scientists are using the "Ekran-M" installation