Symantec researchers have discovered a spam campaign targeting Portuguese-language computers specifically focusing on companies based in Brazil with the goal of stealing email accounts in order to access sensitive corporate information.
Lionel Payet, a Symantec threat intelligence officer, wrote in a blog that more than 40,000 emails have been spotted. The emails pose as receipts indicating money has been transferred into their bank account, but the attachment actually is a malicious .vbs file.
The .vbs code then downloads more malicious files from its command and control server with the final result being an infostealer being installed.
“The attackers may gain access to employees’ email accounts and from there, reach internal services and sensitive information, including financial data, source code, employee information, and contacts. The attackers may also use the stolen information for further spam campaigns and targeted attacks,” Payet wrote.