Phishing targeting Polish SMBs continues via ModiLoader

Attention all small and medium-sized businesses in Poland: ESET Research has uncovered multiple phishing campaigns that targeted businesses just like yours throughout May 2024. These campaigns distributed several malware families, including Rescoms, Agent Tesla, and Formbook.

In comparison to the campaigns seen in 2023, attackers have shifted their delivery mechanism from AceCryptor to ModiLoader. Over the month, ESET detected nine notable ModiLoader phishing campaigns in Poland, Romania, and Italy; in Poland alone they targeted over 21,000 users, which shows how widespread these malicious activities are.

The phishing emails used in these campaigns often come disguised as legitimate business offers, enticing recipients to open malicious attachments. These attachments contain ModiLoader executables, which then download and launch malware such as Formbook, Agent Tesla, and Rescoms on compromised machines.

Attackers have been utilizing compromised email accounts and servers to not only spread malicious emails but also to host malware and collect stolen data. The exfiltration of data has been observed through various methods, including SMTP and redirection to legitimate company websites to avoid detection.
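The two behaviours described above, an executable ModiLoader attachment disguised as a business document and data exfiltration over SMTP, both leave traces that a small business can triage from mail-gateway and firewall logs. The following script is an added example, not ESET's code or anything from the report: the log lines, hostnames, addresses and the `MAIL_RELAYS` allow-list are all constructed for illustration, and the assumption is that only designated relay hosts should open outbound SMTP connections (ports 25, 465, 587).

```python
import re

# Extensions that run directly on Windows; an attachment ending in one of these
# is how a loader such as the one described above typically arrives.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking extensions commonly used as the first half of a double extension.
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
# Archives are flagged for sandboxing because they may wrap an executable.
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso", ".img"}
SMTP_PORTS = {"25", "465", "587"}

# Constructed mail-gateway log lines (not real traffic, not from the report).
MAIL_LOG = """\
2024-05-06T08:12:44Z dir=in from=oferta@example-partner.pl to=biuro@example-smb.pl subject="Zapytanie ofertowe" attach="Zamowienie_2024.pdf.exe"
2024-05-06T08:15:02Z dir=in from=faktury@example-supplier.com to=ksiegowosc@example-smb.pl subject="Faktura" attach="Faktura_05_2024.pdf"
2024-05-06T08:20:17Z dir=in from=sales@example-trade.ro to=biuro@example-smb.pl subject="Order confirmation" attach="Order_123.zip"
"""

# Constructed firewall connection log (assumption: 10.0.1.5 is the only mail relay).
NET_LOG = """\
2024-05-06T09:01:10Z src=10.0.1.23 dst=203.0.113.40 dport=587 proto=tcp
2024-05-06T09:01:15Z src=10.0.1.5 dst=203.0.113.40 dport=587 proto=tcp
2024-05-06T09:03:00Z src=10.0.1.23 dst=198.51.100.7 dport=443 proto=tcp
"""
MAIL_RELAYS = {"10.0.1.5"}


def parse_kv(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def attachment_risk(name):
    """Return a reason string if the attachment name looks like loader delivery, else None."""
    suffixes = ["." + p for p in name.lower().split(".")[1:]]
    if not suffixes:
        return None
    last = suffixes[-1]
    if last in EXEC_EXT:
        if len(suffixes) > 1 and suffixes[-2] in DOC_EXT:
            return "executable with document-lookalike double extension"
        return "executable attachment"
    if last in ARCHIVE_EXT:
        return "archive attachment (may wrap an executable loader; sandbox it)"
    return None


def flag_inbound(log):
    """Inbound messages whose attachment name matches a loader-delivery pattern."""
    hits = []
    for line in log.splitlines():
        f = parse_kv(line)
        if f.get("dir") != "in" or "attach" not in f:
            continue
        reason = attachment_risk(f["attach"])
        if reason:
            hits.append({"from": f["from"], "attach": f["attach"], "reason": reason})
    return hits


def flag_smtp_exfil(log, relays):
    """Hosts other than the approved relays that open outbound SMTP connections."""
    suspects = set()
    for line in log.splitlines():
        f = parse_kv(line)
        if f.get("dport") in SMTP_PORTS and f.get("src") not in relays:
            suspects.add(f["src"])
    return sorted(suspects)


if __name__ == "__main__":
    for hit in flag_inbound(MAIL_LOG):
        print(f"attachment: {hit['from']} -> {hit['attach']}: {hit['reason']}")
    for host in flag_smtp_exfil(NET_LOG, MAIL_RELAYS):
        print(f"unexpected outbound SMTP from {host}")
```

On the constructed input the script flags the `.pdf.exe` double extension and the archive as candidates for sandboxing, and reports workstation `10.0.1.23` for speaking SMTP directly to an external host, which is the pattern to check when exfiltration over SMTP is suspected. The archive rule is deliberately noisy; in practice it should route the file to detonation rather than block it outright.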

Despite the ongoing nature of these phishing campaigns, ESET remains vigilant in protecting users and detecting these malicious activities. If you have any concerns or inquiries regarding our research, please reach out to us at threatintel@eset.com. Stay informed and stay safe against these evolving cyber threats targeting businesses in Central and Eastern Europe.
