Warning: Phishing Campaign Targets Germany with New Malware

Stu Sjouwerman | Feb 3, 2025

Researchers at Cisco Talos warn that a new phishing campaign is targeting users in Germany and Poland in an attempt to deliver several strains of malware, including a new backdoor dubbed “TorNet.”

The phishing emails purport to be fake money transfer confirmations from financial institutions or phony order receipts from manufacturing and logistics companies.

“The phishing emails are predominantly written in Polish and German, indicating the actor’s intent to primarily target users in those countries,” the researchers write. “We also found some phishing email samples from the same campaign written in English. We assess with medium confidence that the actor is financially motivated, based on the phishing email themes and the filenames of the email attachments. The phishing email has attachments with the file extension ‘.tgz’, indicating that the actor has used GZIP to compress the TAR archive of the malicious attachment file to disguise the actual malicious content of the attachment and evade email detections.”

The new strain of malware, which Talos calls “TorNet,” is installed by the PureCrypter loader after a user opens the attachment.

“When a user opens the compressed email attachment and manually unzips it and runs a .NET loader executable, it eventually downloads encrypted PureCrypter malware from a compromised staging server,” the researchers write.

“The Loader decrypts the PureCrypter malware and runs it in the system memory. In a few intrusions in this campaign, we found that the PureCrypter malware drops and runs the TorNet backdoor. The TorNet backdoor establishes a connection to the C2 server and also connects the victim machine to the TOR network. It has the capabilities to receive and run arbitrary .NET assemblies in the victim machine’s memory, downloaded from the C2 server, increasing the attack surface for further intrusions.”
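The Talos findings quoted above hinge on a simple evasion: an executable .NET loader wrapped in a gzip-compressed TAR (.tgz) so that the attachment is not inspected as an executable. The following Python script is an added defensive example, written for this post and not taken from the Talos report or from KnowBe4; it shows how a mail gateway or an analyst can triage such an attachment in memory without extracting it to disk, flagging executable extensions, document-looking double extensions, and Windows PE magic bytes regardless of the file name. All member names and file contents below are constructed for the demonstration and are not indicators from the campaign.

```python
import io
import tarfile

# Extensions a finance-themed email should never need to carry.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".msi"}
# Extensions commonly used as a decoy in front of the real (executable) one.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Every Windows PE file (including .NET assemblies) starts with these two bytes.
PE_MAGIC = b"MZ"


def build_sample_tgz(members):
    """Build an in-memory .tgz from {name: bytes}. Only used to construct test input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _extensions(name):
    """Return all dotted suffixes of the basename, lowercased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    base = name.rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_tgz(blob, max_members=200):
    """Inspect a .tgz attachment and return a list of (member_name, reason) findings.

    Members are read from memory only; nothing is written to disk. A member limit
    guards against archives built to exhaust the scanner.
    """
    findings = []
    try:
        tar = tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz")
    except (tarfile.TarError, OSError) as exc:
        # Not a valid gzip/tar: report it rather than silently passing the attachment.
        return [("<archive>", f"unreadable archive: {exc}")]
    with tar:
        for count, member in enumerate(tar):
            if count >= max_members:
                findings.append(("<archive>", "too many members"))
                break
            if not member.isfile():
                continue
            exts = _extensions(member.name)
            last = exts[-1] if exts else ""
            if last in EXECUTABLE_EXTENSIONS:
                findings.append((member.name, "executable extension"))
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and last in EXECUTABLE_EXTENSIONS:
                findings.append((member.name, "document extension disguising an executable"))
            handle = tar.extractfile(member)
            head = handle.read(len(PE_MAGIC)) if handle else b""
            if head == PE_MAGIC:
                # Magic bytes catch renamed binaries that the extension checks miss.
                findings.append((member.name, "PE magic bytes"))
    return findings


def should_quarantine(blob):
    """Policy decision: any finding at all is enough to hold the message for review."""
    return bool(triage_tgz(blob))


# Constructed sample attachment: a fake "payment confirmation" archive. The 'MZ'
# payloads are inert placeholder bytes, not real programs.
FAKE_PE = PE_MAGIC + b"\x00" * 62
SAMPLE_TGZ = build_sample_tgz({
    "Zahlungsbestaetigung.pdf.exe": FAKE_PE,   # double extension + executable
    "Rechnung.pdf": FAKE_PE,                   # PE bytes hiding under a document name
    "Notiz.txt": b"harmless text",             # benign member, no finding
})

if __name__ == "__main__":
    for name, reason in triage_tgz(SAMPLE_TGZ):
        print(f"{name}: {reason}")
    print("quarantine:", should_quarantine(SAMPLE_TGZ))
```

The magic-byte check is what makes the difference in practice: a gateway rule that only blocks `*.exe` is defeated by renaming, whereas every Windows executable, including the .NET loader described in the report, still begins with `MZ` once the archive is unpacked.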

New-school security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Cisco Talos has the story.

BreachSim

Free downloadable software tool

How easy is it for bad actors to penetrate your system and exfiltrate your data? Pinpoint vulnerabilities, take action and build stronger cyber defenses with BreachSim, a free downloadable software tool from KnowBe4. Based on techniques outlined in the MITRE ATT&CK framework, BreachSim launches 12+ data exfiltration scenarios to uncover the stark reality of what happens when employees unknowingly fall for an attack.

How BreachSim works:

  • 100% harmless simulation of real breach and data exfiltration attacks
  • Provides secure .txt, .doc, and .bmp test files for the simulation
  • Tests 12+ realistic data exfiltration scenarios following the MITRE ATT&CK framework
  • Just download the installer, upload the secure test files, and run

Results in a few minutes!

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.