Weekly report by the TG Soft CRAM, concerning Italian malspam campaigns.

Below are the details of the campaigns released during the week from 06 April 2026 to 12 April 2026.

During the week under review, both global campaigns and campaigns in Italian saw a decline compared with the previous week

The week was characterized by Password Stealer of the Families: AgentTesla, FormBook and Remcos.

The blue bar shows the total number of campaigns monitored in Italy in each week, while the red bar concerns campaigns in Italian (and targeting Italy).

We monitored 58 campaigns during the week, 8 of which used Italian as their language.

Per poter capire come sono suddivise le varie settimane (Week) di seguito una piccola tabella che indica la suddivisione dei periodi presi in considerazione:

During the week, the peak in global campaigns was recorded on Thursday 09 April, with 19 different campaigns per day. The peak of campaigns in Italian was recorded on Wednesday 8 and Thursday 09 April, with 3 different campaigns on each day respectively, as shown in the graph below:

In the following chart we see the malware families spread globally for each day of the week:

Instead in this graph we see the distribution based on malware family. In the past week 10 different families were detected:

The top-ranking samples this week are Script files accounting for 70,69%.

MSIL files follow in second place with 15,52%.
As for third place, we find  WIN32 executable files with10,34%.

In the chart below we can see the various types of language used to develop malware:

In the following graph we see the distribution of the various types of languages divided by day:

Check out the March campaigns

We invite you to check out the March 2026 reports, to stay up-to-date on the malspam campaigns circulating in Italy: