Russian organizations are the target of a campaign that delivers previously undocumented Windows spyware tracked as Batavia. Active since July 2024, the campaign starts with bait emails carrying malicious links sent under the pretext of contract signing. The goal is to infect the victim organization and harvest sensitive information. The malware, whose components are written in Visual Basic and Delphi, collects files of various types, including documents, and transmits the gathered data to remote servers under the attackers' control for further exploitation.

Once a recipient follows the link, the previously unknown Batavia spyware is deployed on the host and begins stealing internal documents.
The malware likely shows the victim a decoy contract as a distraction while, in the background, it collects system logs, office documents, and screenshots. Collection also extends to removable drives attached to the host.
Collection