The FortiMail IR team has uncovered a highly sophisticated email campaign delivering the RATty Remote Access Trojan, exploiting legitimate services like Dropbox, MediaFire, and Ngrok to evade detection. The campaign specifically targets users in Spain, Italy, and Portugal, using invoice-themed phishing emails and geolocation filtering to selectively deliver malware.

‍