Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files

A spear-phishing email, claiming to be from the president of an Azerbaijani company, used malware hidden in images to target associated businesses. The email contained a zip file, which included both genuine and faked images. When opened, a javascript automatically downloaded a zip file to the victim’s computer. Further user interaction enabled the malware, programmed in Rust and able to execute outside office hours, to steal basic computer information.