Intel Name: Emansrepo stealer: multi-vector attack chains
Date of Scan: September 5, 2024
Impact: High
Summary: In August 2024, FortiGuard Labs detected a Python infostealer named Emansrepo, spread through emails carrying fraudulent purchase orders and invoices. The phishing email contained an HTML file that redirected to a download link for Emansrepo, which is packaged with PyInstaller so that it runs on machines without Python installed. Emansrepo compresses victim data from browsers and specific file paths into a zip file, then emails it to the attacker. The campaign has been active since November 2023.