logo

Beware of Phishing Emails Disguised as Project Proposals

ID: c20d6d46-f0ae-51bc-a7f7-2304ebd8d8c2

STIX ID: report--c20d6d46-f0ae-51bc-a7f7-2304ebd8d8c2

Feed Name: ASEC

Threat Score
65/100

Date Published: 2026-07-08

Date Updated: 2026-07-13

Author: ATCP

...
...

AhnLab ASEC warns of a phishing campaign using project-proposal themed emails with compressed attachments containing obfuscated JavaScript that executes PowerShell to decrypt and run SnakeKeylogger in memory; the infostealer harvests web browser data, system information and keystrokes and exfiltrates via SMTP or Telegram, with C2 details and an MD5 provided. The report also includes user guidance on verifying senders, checking links/attachments, and avoiding credential entry on suspicious pages.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.