Threat Actors Enhance Phishing Attacks with Sophisticated Tactics for Malware Distribution
Cybercriminals are increasingly utilising personalised tactics to enhance the effectiveness of their malware-delivery phishing campaigns. Threat actors customise subject lines, attachment names, and embedded links to create a false sense of authenticity and urgency. This sophisticated approach marks a significant evolution in social engineering techniques, as attackers craft emails that appear legitimate by incorporating recipient-specific information, company details, and contextually relevant content that mirrors typical business communications.

Recent analysis by Cofense identified five primary themes dominating personalised malware campaigns: Travel Assistance, Response, Finance, Taxes, and Notification. Travel Assistance-themed emails emerged as the most prevalent vector, often featuring Vidar Stealer malware capable of harvesting login credentials, banking information, cryptocurrency wallet data, and browser cookies.
The research, spanning Q3 2023 to Q3 2024, revealed that Finance-themed campaigns predominantly deliver jRAT, a cross-platform Remote Access Trojan written in Java that enables multi-operating system compatibility. Response-themed emails frequently contain PikaBot malware, which incorporates advanced sandbox evasion techniques and serves as a delivery mechanism for additional malicious payloads.

A particularly sophisticated aspect of these personalised attacks involves the strategic customisation of downloaded file names to match recipient information. Cofense researchers noted a direct correlation between specific malware families and file name personalisation practices, with jRAT and Remcos RAT campaigns consistently implementing this technique in Finance-themed emails. When jRAT serves as the payload, threat actors invariably personalise both email subjects and downloaded file names, with file names such as “Payment_Summary_[RecipientName].pdf.”
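A mail-filter check for the pattern described above, where the recipient's own name appears in both the subject and a linked or attached file name. This is an added example, not code from Cofense or the original article; the sample message, its addresses, and the minimum token length are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse, unquote

MIN_TOKEN_LEN = 4  # assumption: shorter fragments match too much by accident

# Constructed sample message (not taken from the Cofense research).
SAMPLE = """\
From: billing@sender.example
To: Jordan Avery <jordan.avery@corp.example>
Subject: Payment summary for Jordan Avery
Content-Type: text/plain; charset=utf-8

Please review: https://files.sender.example/dl/Payment_Summary_Jordan_Avery.pdf
"""

def recipient_tokens(msg):
    """Name fragments a sender could copy from the To: header."""
    tokens = set()
    for display, addr in getaddresses(msg.get_all("To", [])):
        local, _, domain = addr.partition("@")
        parts = re.split(r"[\W_]+", f"{display} {local} {domain.split('.')[0]}")
        tokens.update(p.lower() for p in parts if len(p) >= MIN_TOKEN_LEN)
    return tokens

def linked_and_attached_names(msg):
    """Attachment names plus the last path segment of each URL in text parts."""
    names = []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s<>\"']+", body):
                names.append(unquote(urlparse(url).path.rsplit("/", 1)[-1]))
    return [n for n in names if n]

def personalisation_report(raw):
    msg = message_from_string(raw)
    tokens = recipient_tokens(msg)
    subject = msg.get("Subject", "").lower()
    in_subject = sorted(t for t in tokens if t in subject)
    names = linked_and_attached_names(msg)
    in_files = sorted({n for n in names for t in tokens if t in n.lower()})
    # "both" mirrors the jRAT pattern: subject and file name personalised together
    return {"subject_tokens": in_subject, "files": in_files,
            "both": bool(in_subject and in_files)}

if __name__ == "__main__":
    print(personalisation_report(SAMPLE))
```

A hit on `both` is a triage signal rather than a verdict, since legitimate invoicing systems also put customer names in file names; it is most useful combined with sender reputation and file-type checks.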
Categories: Personalization Tactics, Malware Delivery Methods, Targeted Sectors
Tags: Cybercriminals, Personalization, Phishing, Malware, Social Engineering, Finance, Travel Assistance, jRAT, Remcos RAT, PII