FortiGuard Labs recently identified an email phishing campaign using deceptive booking information to entice victims into clicking on a malicious PDF file.
The PDF downloads a .NET executable file created with PowerGUI and then runs a PowerShell script to fetch the final malware, known as MrAnon Stealer. This malware is a Python-based information stealer compressed with cx-Freeze to evade detection. MrAnon Stealer steals its victims’ credentials, system information, browser sessions, and cryptocurrency extensions.
Read more…
Source: Fortinet