Efimer Trojan: Phishing Attacks Target Organizations – Kaspersky Warning

by Priyanka Patel

“Efimer” Trojan: Phishing Campaign Targets Businesses and Individuals with Crypto-Stealing Malware

A sophisticated phishing campaign leveraging the “Efimer” Trojan has infected over 5,000 systems globally between October 2024 and July 2025, with a particular focus on stealing and manipulating cryptocurrency wallet addresses. Kaspersky, a leading cybersecurity firm, has issued a warning about the evolving tactics employed by the attackers, who are increasingly targeting both individuals and businesses with tailored phishing emails.

Global Infections and European Hotspots

The Kaspersky Security Network recorded more than 5,000 infections worldwide with the “Efimer” Trojan during the period from October 2024 to July 2025. A significant portion of these infections – approximately 1,500 – occurred in Europe, impacting private individuals and companies in Germany, Spain, and Italy. This widespread distribution underscores the growing threat posed by this malware and the attackers’ ability to adapt their methods.

From Compromised Websites to Targeted Phishing

Initially, the “Efimer” Trojan spread through compromised WordPress websites. However, since June 2025, attackers have shifted their focus to more targeted phishing emails. These emails often masquerade as legal correspondence from law firms, threatening legal action over alleged trademark violations. The goal is to trick recipients into downloading malicious files.

“This Trojan is characterized by its double distribution strategy – with adapted attack methods for both private users and for companies,” noted a Kaspersky security researcher. The attackers demonstrate a clear understanding of their targets, tailoring their approach to maximize success.

Baiting the Hook: Different Tactics for Different Victims

The attackers employ distinct tactics depending on the target. In the private sector, they utilize torrent files containing popular film titles as bait. For businesses, the phishing emails appear more legitimate, mimicking official legal communications. However, the common thread remains the same: compromising systems requires recipients to actively download and execute malicious files.

“In both cases it is crucial: a compromise only takes place if the recipients actively download and run harmful files!” the researcher emphasized. This highlights the importance of user awareness and caution when handling unsolicited attachments or links.

Protecting Against “Efimer” and Similar Threats

Kaspersky recommends several key steps to protect against threats like “Efimer”:

  • Avoid opening attachments or links from unwanted or suspicious emails.
  • Carefully verify the sender’s address, especially for emails claiming to be from legal or financial institutions.
  • Regularly update software, operating systems, and applications.
  • Implement two-factor authentication (2FA) whenever possible.
  • Continuously monitor company networks for signs of compromise.
  • Secure servers and content management systems, such as WordPress, to prevent exploitation.
  • Utilize robust security solutions, like Kaspersky Next Complete Security, that offer protection against both known and unknown threats.

The Rising Tide of Phishing Attacks

The emergence of “Efimer” is part of a broader trend of increasing phishing attacks. Recent reports indicate a growing susceptibility to phishing emails, even those that appear familiar. Furthermore, new phishing domains are constantly being registered, posing an ongoing threat to organizations, notably in sectors like aviation. Cybersecurity experts are identifying increasingly sophisticated tactics used by attackers, highlighting the need for constant vigilance.

The threat landscape is constantly evolving, and organizations and individuals must remain proactive in their security measures to mitigate the risk of falling victim to attacks like the “Efimer” Trojan. Staying informed about the latest threats and implementing robust security practices are essential for protecting valuable data and assets.

Did you know? The “Efimer” Trojan campaign, active from October 2024 to July 2025, infected over 5,000 systems globally. It targeted both individuals and businesses, focusing on cryptocurrency theft and manipulation.

Pro tip: Always verify sender addresses, especially for emails from legal or financial institutions. Be wary of unsolicited attachments or links. Regular software updates are crucial for security.
