{"id":28003,"date":"2025-06-20T17:17:31","date_gmt":"2025-06-20T15:17:31","guid":{"rendered":"https:\/\/tinextadefence.it\/?p=28003"},"modified":"2025-06-20T17:17:31","modified_gmt":"2025-06-20T15:17:31","slug":"masslogger-malware-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/masslogger-malware-analysis-report\/","title":{"rendered":"MassLogger: Malware Analysis Report"},"content":{"rendered":"

Our Malware Lab conducted a technical analysis on MassLogger, a malware family already known since 2020, which returned to circulation with a series of documented campaigns in Italy between March and May 2025.<\/span>\u00a0<\/span><\/p>\n

Although the sample analysed, from MalwareBazaar, was acquired while these activities were still ongoing, it was not possible to establish the necessary context to link it directly to Italian operations.<\/span>\u00a0<\/span><\/p>\n

The focus on this malware stems from the absence of up-to-date technical analyses made available by cybersecurity analysts and researchers.<\/span>\u00a0<\/span><\/p>\n

The analysed sample is designed to exfiltrate credentials from e-mail clients, browsers and FTP clients, sending information collected via SMTP protocol. Other communication channels are also present, but disabled for this analysed sample, which include sending the exfiltrated data to an FTP server and a Telegram channel.<\/span>\u00a0<\/span><\/p>\n

The dissemination of numerous campaigns relating to this malware family, after a long period of inactivity, signals the adaptability of threat actors in contexts where cyber security is constantly being tightened, especially due to recent geopolitical developments and investments.<\/span>\u00a0<\/span><\/p>\n

If you wish to learn more, here is the link to our\u00a0full report<\/a>.<\/p>\n

In addition, you can subscribe to the Cyber Studios by Tinexta Defence mailing list to receive updates on upcoming reports:<\/span>\u00a0<\/span><\/p>\n

https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a>\u00a0<\/span><\/p>","protected":false},"excerpt":{"rendered":"

Our Malware Lab conducted a technical analysis on MassLogger, a malware family already known since 2020, which returned to circulation with a series of documented campaigns in Italy between March and May 2025. Although the analysed sample, from MalwareBazaar, was acquired while these activities were still ongoing, it was not possible [...]<\/p>","protected":false},"author":7,"featured_media":28008,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[],"class_list":["post-28003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness"],"acf":[],"yoast_head":"\nMassLogger: Malware Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/masslogger-malware-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MassLogger: Malware Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Il nostro Malware Lab ha condotto un\u2019analisi tecnica su MassLogger, una famiglia di malware gi\u00e0 nota dal 2020, tornata in circolazione con una serie di campagne documentate in Italia tra marzo e maggio 2025.\u00a0 Sebbene il campione analizzato, proveniente da MalwareBazaar, sia stato acquisito mentre queste attivit\u00e0 erano ancora in corso, non \u00e8 stato possibile […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/masslogger-malware-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-20T15:17:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Federica Casadei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Federica Casadei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/\"},\"author\":{\"name\":\"Federica Casadei\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\"},\"headline\":\"MassLogger: Malware Analysis Report\",\"datePublished\":\"2025-06-20T15:17:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/\"},\"wordCount\":209,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg\",\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/\",\"name\":\"MassLogger: Malware Analysis Report - Tinexta Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg\",\"datePublished\":\"2025-06-20T15:17:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg\",\"width\":1800,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MassLogger: Malware Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\",\"name\":\"Federica Casadei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"caption\":\"Federica Casadei\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MassLogger: Malware Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/masslogger-malware-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"MassLogger: Malware Analysis Report - Tinexta Defence","og_description":"Il nostro Malware Lab ha condotto un\u2019analisi tecnica su MassLogger, una famiglia di malware gi\u00e0 nota dal 2020, tornata in circolazione con una serie di campagne documentate in Italia tra marzo e maggio 2025.\u00a0 Sebbene il campione analizzato, proveniente da MalwareBazaar, sia stato acquisito mentre queste attivit\u00e0 erano ancora in corso, non \u00e8 stato possibile […]","og_url":"https:\/\/tinextadefence.it\/en\/masslogger-malware-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2025-06-20T15:17:31+00:00","og_image":[{"width":1800,"height":960,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg","type":"image\/jpeg"}],"author":"Federica Casadei","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Federica Casadei","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/"},"author":{"name":"Federica Casadei","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d"},"headline":"MassLogger: Malware Analysis Report","datePublished":"2025-06-20T15:17:31+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/"},"wordCount":209,"commentCount":0,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg","articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/","url":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/","name":"MassLogger: Malware Analysis Report - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg","datePublished":"2025-06-20T15:17:31+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza-1.jpg","width":1800,"height":960},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/masslogger-malware-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"MassLogger: Malware Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d","name":"Federica Casadei","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","caption":"Federica Casadei"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/28003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=28003"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/28003\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/28008"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=28003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=28003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=28003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}