Connect with us

Hi, what are you looking for?


Cyber Insurance

Cybercriminals Target European Automakers With Malware

Small and medium companies in the European automobile sector have been targeted by cybercriminals using a relatively new piece of malware, according to a recent report.

Small and medium companies in the European automobile sector have been targeted by cybercriminals using a relatively new piece of malware, according to a recent report.

Symantec, which revealed the existence of the campaign last week, noticed the attacks on August 3. In the following days, the attackers had sent malicious emails purporting to come from a German company called Technik Automobile GMBH (which doesn’t really exist) to businesses in the automotive aftermarket, and various firms that provide rental services, car insurance, and commercial transport services.

The emails sent out by the attackers instruct recipients to send a list of “used and pre-owned vehicles urgently.” They also point to an attached file that allegedly contains a list of urgently required vehicles. The attached file ( is actually a variant of Carbon Grabber, which Symantec detects as Infostealer.Retgate.

Carbon Grabber, which emerged on hacker forums earlier this year, is designed to capture usernames and passwords from webpages in Chrome, Firefox and Internet Explorer. In July, someone claiming to be the original developed of the crimeware kit claimed the individual who sold Carbon Grabber up to that point was extradited. However, he announced that the project would not be discontinued.

 In the campaign monitored by Symantec, the malicious file is designed to decrypt a different executable file from its body and inject code into the processes of Web browsers and Microsoft Outlook.

“The malware hooks the browser APIs, allowing it to steal information before it is encrypted and sent out to the network. Stolen information may include the user name and password for Outlook and information entered by the user when using a website to log into services such as online banking or internal Web applications for example. The stolen information is then sent to the command-and-control server,” Symantec’s Lionel Payet explained in a blog post.

Advertisement. Scroll to continue reading.

The campaign mainly targets companies located in Germany (38%), the Netherlands (31%), Italy (24%) and the United Kingdom (7%). While 48% of the victims are part of the automobile industry, companies in sectors like public services, charity, financial, energy, research, housing telecom and tourism have also been targeted.

The attackers are sending the malicious emails to the customer service departments of the targeted companies, most likely because these departments have a high level of access within the organization’s network in order to carry out administrative and financial tasks.

“It is yet to be confirmed if the criminals behind the Technik Automobile spam campaign are purely financially motivated. One thing we know for sure is that if the attack is successful, the cybercriminals will have a foothold in the victim’s business,” Payet said.

 It’s not surprising that companies in the automotive industry are increasingly targeted, considering that it’s a rich sector. However, corporate networks are not the only element that needs to be protected against cyberattacks. Recently, numerous security researchers have warned that the computer systems powering modern cars can be hacked. Earlier this month, a group of researchers even sent a letter to the CEOs of car manufacturers, asking them to incorporate cybersecurity safeguards into their products.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...