Even as ransomware attacks fall, emailers warned of new phishing scam

Cybercrime experts have reported a 22% year-on-year drop in ransomware, in part due to increased efforts to track down and arrest perpetrators. Frank Rumpenhorst/dpa

Email users need to be watchful for a seemingly new form of malicious software being spread in phishing messages since at least November last year.

Called Latrodectus, which refers to the deadly widow group of spiders, the malware can reportedly evade an email’s "sandbox" feature, meaning it can land in inboxes without first undergoing the usual scrutiny given to other messages by up-to-date email systems.

Internet security researchers at Team Cymru and Proofpoint said the malware has been found in "nearly a dozen" campaigns, in which the messages typically try "to initiate a conversation with a target" through forms in an email.

The format could "become increasingly used by financially motivated threat actors across the criminal landscape," they warned.

But while the threat from Latrodectus grows, the first quarter of 2024 has seen a fall in ransomware attacks compared to the same period last year, according to CyberInt, which monitors threats to cyber-security.

The 22% year-on-year drop is in part down to increased efforts to track down and arrest perpetrators, according to The Hacker News, which pointed to the arrests of three people allegedly involved with the "infamous" ransomware syndicate known as "LockBit."

2023 was a record year for ransomware attacks, which climbed by over 50% compared to 2022.

Usually spread via email, ransomware is a form of malware that "installs itself onto a victim’s machine, encrypts their files, and then turns around and demands a ransom to return that data to the user," according to McAfee, the anti-virus software business.