Emansrepo Stealer: Multi-Vector Attack Chains
Fortinet News, Tuesday, September 3rd, 2024
In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.
Emansrepo compresses data from the victim's browsers and files in specific paths into a zip file and sends it to the attacker's email. According to our research, this campaign has been ongoing since November 2023.
The attacker sent a phishing mail containing an HTML file, which was redirected to the download link for Emansrepo. This variant is packaged by PyInstaller so it can run on a computer without Python.