Alert, Experts Find Spyware Spread Under The Guise Of Violations From The Legal Firm

JAKARTA - Kaspersky has detected a rapid increase in malicious campaigns and has targeted more than 1,100 corporate users since June 2025, where the perpetrators disguised themselves as law firms.

According to Kaspersky's observations, the campaign began with 95 emails on June 11 and has since continued to increase, which has targeted organizations in various sectors ranging from health, finance, and education to have been targeted.

In this scheme, they send an email threatening the recipient with a lawsuit over alleged violation of the domain name patent, which aims to spread malware.

"This campaign is a sophisticated combination of psychological manipulation and technical deception, leveraging fear of unlawful violations to force businesses to execute malicious files hidden in attached archives," said Anna Lazaricheva, spam analyst at Kaspersky.

Victims who open attached documents accidentally install a Trojan on their devices, and attackers can spy on their screen content.

In an example of the case found, the user will see a message that reads, "This document cannot be opened on this device. Try opening it on another Windows device," and simultaneously Tor Browser is downloaded and installed quietly.

Through this message, malware periodically sends user screen snapshots to attackers via the Tor network. This malware is also automatically active every time the computer is restarted.

Therefore, as a leading global cybersecurity company, Kaspersky emphasized the importance of equipping devices with a capable security system.

"Complete email security, employee training, and rapid incident reporting are essential to counter this growing threat," he said.