Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end last year 2018. We don’t see much of it in UK and most examples I have heard of are from Italy and have been targeting Italian companies, so this is quite unusual and is not a well known malware (yet). This arrived with an Excel spreadsheet attachment to a fake invoice / order email. The miscreants are using CVE-2017-11882 to download the payload from a remote URL http://23.249.164.131/feb/sel/sel.exe This in turn calls out to a github account where what look like genuine digitally … Continue reading →
Article Link: https://myonlinesecurity.co.uk/ave-maria-infostealer-keylogger-via-fake-invoice-order-confirmation/