Beware Of SambaSpy, New Malware Targeting Italian Users

Malware illustration (photo: Pixabay)

JAKARTA - Kaspersky's Global Research and Analysis Team (GreAT/ Global Research and Analysis Team) has discovered a campaign of advanced malware that exclusively targets users in Italy.

Dubbed SambaSpy, this targeted malware that involves the distribution of Remote Access Trojans (RAT) has capabilities such as file system management, webcam control, password theft, and remote desktop management.

Based on Kaspersky's findings, the malware, which began in May 2024, has been engineered to infect only users whose systems are set to Italian, ensuring maximum success probability in the region.

"We are surprised by the narrow targeting of this attack. Usually, cybercriminals aim to infect as many users as possible, but SambaSpy's chain of infection includes a special check to ensure that only Italian users are affected," said Giampaolo Dedola, senior cybersecurity researcher at GREAT Kaspersky.

Kaspersky discovered two few infection chains used in the campaign. One method is via phishing email, which comes from a legitimate Italian real estate company.

The email asks users to view the invoice by clicking the embedded link. This link directs users to malicious web servers, where malware validates browser and language settings.

If users run Edge, Firefox, or Chrome with Italian language settings, they are directed to a malicious OneDrive URL containing malware embedded PDFs. It starts downloading droppers or downloaders, both of which eventually send SambaSpy RATs.

This advanced malware can carry out various malicious activities, including: