Emansrepo Stealer Multi-Vector Attack Chains
A Python infostealer named Emansrepo has been observed since November 2023 distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data credit card information and files sending them to the attackers email. The attack chain has evolved becoming more complex with multiple stages before downloading Emansrepo. Three main attack chains are described involving HTML files AutoIt scripts and PowerShell commands. The stealers behavior is divided into three parts targeting different types of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods emphasizing the importance of cybersecurity awareness for organizations.