Emansrepo stealer: multi-vector attack chains

Intel Name: Emansrepo stealer: multi-vector attack chains

Date of Scan: September 5, 2024

Impact: High

Summary:
In August 2024, FortiGuard Labs detected a Python infostealer named Emansrepo, spread through phishing emails carrying fraudulent purchase orders and invoices. Emansrepo compresses victim data from browsers and specific file paths into a zip file, then emails it to the attacker. This campaign has been active since November 2023. The phishing email contained an HTML file that redirected to a download link for Emansrepo, which is packaged with PyInstaller so that it runs on machines without Python installed.
