by TINTSWALO BALOYI
JOHANNESBURG – CYBERSECURITY firm Kaspersky has uncovered a growing malicious campaign using the Efimer trojan to target both individuals and organisations worldwide through phishing emails and compromised websites.
Between October 2024 and July 2025, over 5,000 victims were affected, with Brazil seeing the highest impact at around 1,500 cases. Other countries targeted include India, Spain, Russia, Italy, and Germany.
Efimer, first detected in October 2024, is designed to steal and replace cryptocurrency wallet addresses. Initially spread via hacked WordPress websites, the malware began using phishing emails in June 2025. Attackers impersonate legal firms and send threats of lawsuits over alleged domain name patent violations, luring recipients into downloading the trojan.
According to Kaspersky threat researcher Artyom Ushkov, the malware uses two tactics: torrent files disguised as popular movies to reach private users, and fraudulent legal notices for corporate targets. Infection occurs only if the malicious file is downloaded and executed.
Kaspersky urges users to avoid suspicious downloads, verify email senders, update antivirus software, and enable strong security measures such as two-factor authentication. Developers and website administrators are also advised to secure their infrastructure to prevent malware propagation.
– CAJ News
