: The user receives an email or message with the subject line "Download gratuito di gadget retrò (v0.1.0)".
: The code often includes checks for virtual machines or sandboxes to prevent analysis by security researchers. Recommendation If you have encountered this file or subject line: Do not open any links or attachments associated with it. Isolate the system if the file has already been executed. Download gratuito di gadget retrГІ (v0.1.0)
: High volume of DNS requests to dynamic DNS providers or command-and-control (C2) servers hosted on low-cost VPS providers. : The user receives an email or message
: Most commonly distributed via phishing emails containing links to cloud storage services (like Discord CDN, MediaFire, or Google Drive) or attached compressed files (.zip, .rar). Isolate the system if the file has already been executed
: A heavily obfuscated loader executes. In recent variations of this specific lure, the malware often attempts to: Exfiltrate browser credentials and cookies. Steal cryptocurrency wallet information. Take screenshots of the victim's desktop.
While specific hashes change frequently, you should look for the following patterns:
This campaign is characterized by its use of specific versioning (v0.1.0) and localized Italian language to create a sense of authenticity or curiosity.