One of the emails and its associated attachment for MassLogger malware.

Traffic from the infection filtered in Wireshark.

Example of a data exfiltration email sent from an infected host in my lab.

2026-01-07 (Wednesday): #MassLogger infection from email attachment. Copies of the emails, associated malware, indicators, and a #pcap of the infection traffic are available at www.malware-traffic-analysis.net/2026/01/07/i...

There's a #MassLogger malware campaign using an allegedly compromised email account🪝of an employee at the Ministry of Agriculture, Water Management and Forestry of Bosnia and Herzegovina 🇧🇦, used to exfiltrate data from compromised devices through SMTP 🔥

👉 bazaar.abuse.ch/sample/45535...

Screenshot of the email distributing MassLogger

Traffic from the MassLogger infection filtered in Wireshark.

MassLogger malware persistent on an infected Windows host.

2025-04-17 (Thursday): #MassLogger malware sent through #malspam. Infection traffic indicates stolen data sent to email server at mail.bouttases[.]fr. Details at github.com/malware-traf...