Cisco Talos: ‘Salfram’ email campaign is delivering multiple types of malware to businesses. Malware includes Trojans designed to steal banking credentials and other financial information. The campaign uses a crypter that’s designed to alter the malicious code to make it more difficult for security tools to detect. The threat actors also use Google Drive to obscure malicious files designed to deliver malware to compromised devices. The malware includes Gozi ISFB, Zloader, Smoke Loader, Oski, AveMaria and malicious versions of Cobalt Strike.
Source: https://www.cuinfosecurity.com/salfram-email-campaign-spreads-malware-to-businesses-a-14948

