Our Malware Lab conducted a technical analysis of MassLogger, a malware family known since 2020 that returned to circulation with a series of documented campaigns in Italy between March and May 2025.
Although the analysed sample, taken from MalwareBazaar, was acquired while these activities were still ongoing, it was not possible to establish the context needed to link it directly to the Italian operations.
The focus on this malware stems from the absence of up-to-date technical analyses made available by cybersecurity analysts and researchers.
The analysed sample is designed to exfiltrate credentials from e-mail clients, browsers and FTP clients, and it sends the collected information via SMTP. Other communication channels are also present but disabled in this sample: sending the exfiltrated data to an FTP server and to a Telegram channel.
The spread of numerous campaigns involving this malware family, after a long period of inactivity, signals the adaptability of threat actors in contexts where cyber security is constantly being tightened, especially due to recent geopolitical developments and investments.
If you wish to learn more, here is the link to our full report.
In addition, you can subscribe to the Cyber Studios by Tinexta Defence mailing list to receive updates on upcoming reports: