
Europeans Hit with Multi-Stage Malware Loader via Signed Malspam


Multiple malicious spam campaigns using signed emails have been observed over the past few months distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader.

"JasperLoader employs a multi-stage infection process that features several obfuscation techniques that make analysis more difficult," says Cisco Talos. "It appears that this loader was designed with resiliency and flexibility in mind, as evidenced in later stages of the infection process."

As unearthed by the researchers, JasperLoader has been disseminated by multiple malspam campaigns throughout the last few months and has been used to drop the GootKit banking Trojan (previously distributed by DanaBot, Neutrino exploit kit, and Emotet), which acts as a backdoor and can steal sensitive user information.
