Emansrepo

Emansrepo is a malicious software (malware) that was first observed by FortiGuard Labs in August 2024. This Python-based infostealer malware primarily spreads through phishing emails containing fake purchase orders and invoices. These emails carry an HTML file that redirects the victim to a download link for Emansrepo. The malware has been active since at least November 2023, with its attack methods continuously evolving over time. The primary function of Emansrepo is to steal information from victims' browsers and specific file paths. It achieves this by compressing the stolen data into a zip file and forwarding it to the attacker's email address. The initial features of Emansrepo were identified in the November 2023 variant (e346f6b36569d7b8c52a55403a6b78ae0ed15c0aaae4011490404bdb04ff28e5), but it only contained code for part 1 of the malware. A comparison between the November 2023 variant of Emansrepo and the first edition of the Prysmax stealer shared on GitHub revealed many similar functions. However, Emansrepo had fewer features than Prysmax. Despite its limited functionality, Emansrepo poses a significant threat due to its stealthy infiltration method and potential to extract sensitive information without the victim's knowledge.