
“Hello, stranger:” romance emails snare German victims in a malware trap

Flirty German emails deploy targeted malware payload

German speakers have been targeted with emails that promise explicit content and use Keitaro TDS to redirect recipients to malicious domains. The system checks the recipient’s IP address and, if it locates them in Germany, automatically downloads a 300 MB ISO file from a server in Russia. When the ISO is opened, it mounts a virtual drive containing “lovely_photos.exe” and a password file; entering the password launches an AutoIt script. That script bypasses antivirus checks and creates a scheduled task named DragonMapper to ensure the malware runs on each startup.

Read more:

https://cybernews.com/cybercrime/emails-snare-german-victims-malware-trap/
