The domain of deception: Attackers deploy spyware under the guise of legal threats

Kaspersky has detected a rapidly escalating malicious campaign that has targeted over 1,100 corporate users since June 2025. The attackers pose as a legal firm and in their emails threaten recipients with lawsuits over alleged domain name patent violations, aiming to deploy malware. Victims who opened and launched the attached files – that mimicked legal documents – had a Trojan installed on their devices, and the attackers could spy on the content of their screens. Organizations across healthcare, finance, and education sectors have been targeted.
The campaign began with 95 emails on June 11 and has since continued to escalate. Apart from claiming that the recipient’s domain name violates patented combinations of a major brand and threatening litigation, in the email the fake legal bureau also expresses the patent holders’ interest in acquiring the domain and offers getting acquainted with the details of the alleged violations by opening the attached archive with “documents”. It is worth noting that the attackers, likely to avoid detection, attach an archive that is not password protected, and inside it includes another archive that is password protected and a file containing the password along with it.

An example of the malicious email
After the user entered the archive password and clicked on the alleged legal document inside, a Trojan was installed on the device. The user saw a message displayed that read, “This document cannot be opened on this device. Try opening it on another windows device,” and simultaneously the Tor Browser was covertly downloaded and installed in the background. Through it, the malware regularly sent snapshots of the user’s screen to the attackers over the Tor network. The malware also autostarts whenever the computer is restarted.
“This campaign is a sophisticated blend of psychological manipulation and technical deception, leveraging fear of legal action to coerce businesses into executing harmful files hidd en in attached archives. Its rapid growth since June 11 underscores the urgency for organizations to bolster defenses. Victims face the risk of losing their private data. Robust email security, employee training, and swift incident reporting are essential to counter this evolving threat,” comments Anna Lazaricheva, spam analyst at Kaspersky.
Kaspersky recommends corporate and individual users:
• Be careful when interacting with attachments. Do not open any attached archives (including those that are password-protected) that look suspicious. Do not run executable files, as they may deploy malware.
• Try to verify sender authenticity, confirm the legitimacy of any legal claims or entities mentioned in unsolicited emails.
• Implement endpoint protection to detect and block attack attempts.
• Educate staff on recognizing attack tactics.
• Immediately notify IT or cybersecurity teams if any files that have been attached to suspected phishing emails have been opened.

Related Posts

Thndr Recognized by World Economic Forum as 2025Technology Pioneer The only Egyptian and North African company among the 2025

British Council’s Deep Dialogues Brings Together Delegates from Egypt, Tunisia and Saudi Arabia in Cardiff

Commvault Convenes Egypt’s Cybersecurity Leaders at SHIFT Cairo

Dubai Launches Landmark Initiative Further Enabling First-Time Homeownership

Noise-Free Conversations and Lush Soundscapes: Meet the HUAWEI FreeBuds 6

Raya Electronics Expands Strategic Partnership with Lenovo and Microsoft

Chestertons Unites Global Network in London to Reinforce Cross-Border Real Estate Momentum

Rock Developments unveils Rock Green project in New Heliopolis with EGP 7bn investment

آخر الأخبار
مصر تدين التصريحات الإسرائيلية بشأن فرض السيادة على الضفة الغربية مجلس النواب يوافق نهائيًا على مشروع قانون بشأن بعض الأحكام المتعلقة بقوانين إيجار الأماكن وإعادة تنظ... أحمد مجاهد .. رئيساً لقطاع سيارات (ألفا روميو ، جيب ، و DS ) بمجموعة عز العرب للسيارات وزير قطاع الأعمال العام يلتقي وفدًا من شركة "GS E&C" الكورية الجنوبية لبحث فرص التعاون وزير الإسكان يتابع سير العمل بالمشروعات التنموية الجاري تنفيذها بمدينة السويس الجديدة برجيل القابضة وريسبونس بلس القابضة تطلقان جائزة الصحة والعافية للطاقة البشرية في قطاع الطاقة وزير الكهرباء يجتمع بالنائب الأول لمدير عام المؤسسة الحكومية الروسية للطاقة الذرية "روسآتوم " رئيس ش... The domain of deception: Attackers deploy spyware under the guise of legal threats وزير البترول يقوم بزيارة ميدانية لميناء الدخيلة بالإسكندرية لتفقد إتمام أعمال التجهيزات النهائية بوح... كاسبرسكي تكشف عن حملة خداع تستخدم للتجسس تحت ستار التهديدات القانونية معهد الدراسات التقنية والمهنية بـ"الأكاديمية العربية" يحافظ على الاعتماد الدولي لـ "بيرسون" للعام ال... وزيرة التضامن الاجتماعي تلتقي المديرة التنفيذية لصندوق " قادرون باختلاف" " عندي حكاية " بودكاست جديد ل ندى إمام قريبا وزير الخارجية يستقبل وزير الرياضة ويلتقى مع مجموعة من الشباب المشاركين فى نموذج محاكاة مجلس الشيوخ المؤسسة البريطانية للاستثمار الدولي BII توقّع عقودًا تتجاوز 300 مليون دولار أمريكي Thndr Recognized by World Economic Forum as 2025Technology Pioneer The only Egyptian and North Afri... اتحاد بنوك مصر يكرّم البنك التجاري الدولي – مصر تقديراً لدور قطاعه القانوني في دعم قضايا القطاع المص... ثاندر تنضم لقائمة “رواد التكنولوجيا لعام 2025” من المنتدى الاقتصادي العالمي أسعار الذهب في مصر تتحرك عرضيًا وترقب لقرار الفائدة British Council’s Deep Dialogues Brings Together Delegates from Egypt, Tunisia and Saudi Arabia in C...