Weekly report by TG Soft's CRAM concerning Italian malspam campaigns.

Below the details of the campaigns massively spread during the week from July 22 to July 28, 2024.

In the monitored week, global campaigns decreased compared to the previous week while Italian written campaigns remained unchanged.

The week was characterized by Password Stealers of the Families: AgentTesla, FormBook, LokiBot and Remcos.

The blue bar indicates the total number of campaigns monitored in Italy in each week, while the red bar concerns campaigns written in Italian (and targeting Italy).

We monitored 45 campaigns during the week, 7 of which used Italian as their language.

In order to understand how the various weeks are divided, below is a small table showing the breakdown of the periods considered:

During the week, the peak in global campaigns was found on Tuesday, July 23 with 11 different campaigns per day. The peak of campaigns in Italian writing was found on Tuesday, July 23, and Wednesday, July 24, with 2 campaigns per day, as  highlighted by the graph below:

In the following chart we see the malware families spread globally for each day in the week:

Instead in this graph we see the distribution based on malware family. In the past week 6 different families were detected:

This week's featured samples are Office documents (Word, Excel, PowerPoint) covering 28.88% of malware sent via e-mail.
In second place are MSIL executables (C#) with 26.67%, and in third place we have WIN32 with 17.78%.
15.56% of the distributed samples are AutoIT executable files.

In the picture below we can see the various types of language used to develop malware:

In the following graph we see the distribution of the various types of languages divided by day:

Check out the June/July campaigns

We invite you to check out the June/July 2024 reports, to stay up-to-date oabout the malspam campaigns circulating in Italy: