Weekly report by the TG Soft CRAM, concerning Italian malspam campaigns.

Below are the details of the campaigns released during from 01 December to 07 December 2025.

During the monitored week, global campaigns decreased compared to the previous week, while campaigns in Italian increased.The week was characterized by Password Stealer of the Familiies: AgentTesla, PhantomStealer, Remcos, VIPKeylogger, and XWormRAT.

The blue bar shows the total number of campaigns monitored in Italy in each week, while the red bar concerns campaigns in Italian (and targeting Italy).

We monitored 29 campaigns during the week, 10 of which used Italian as their language.

In order to understand how the various weeks are divided, below is a small table showing the breakdown of the considered period:

During the week, the peak in global campaigns was recorded on Monday 01 December, with 13 different campaigns per day. The peak in Italian campaigns was recorded on Monday 01 December, with 5 campaigns per day, as shown in the graph below:

In the following chart we see the malware families spread globally for each day of the week:

Instead in this graph we see the distribution based on malware family. In the past week 8 different families were detected:

The samples that ranked first this week are Script files with 58.62%.
In second place are WIN32 executable files with 13.79%.
In third place are AutoIT executable files with 10.34%.

In the chart below we can see the various types of language used to develop malware:

In the following graph we see the distribution of the various types of languages divided by day:

Check out the November campaigns

We invite you to check out the November 2025 reports, to stay up-to-date on the malspam campaigns circulating in Italy: