Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors.
This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive banking information. This malware family has been active since at least 2019. During our investigation, we found that the group has added ClickFix lures to their arsenal. ClickFix is a social engineering technique that multiple malware families have adopted since late 2024, which lures victims to copy and execute malicious commands on their machine, under the guise of fixing computer problems. This campaign follows many of the same patterns as previous Lampion malware activity in terms of targets and infrastructure, as well as tactics, techniques and procedures (TTPs).
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ramnit Changes Shape with Widespread Black Botnet
August 6, 2018
A massive proxy botnet is just the tip of the iceberg, a warning sign of a bigger operation in the works by the Ramnit operators. The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July– but the offensive could just be a precursor to a much ...
- U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
August 6, 2018
According to a new report, three United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle ...
- Google Project Zero: ‘Here’s the secret to flagging up bugs before hackers find them’
August 3, 2018
Samsung’s utterly confusing vulnerability reporting website has prompted one of Google’s top security researchers to explain how companies should help researchers report bugs and eliminate hackable flaws in products quickly. Google’s Project Zero bug hunter, Natalie Silvanovich, who Microsoft has recognized as a top 10 researcher in the world, has a few tips for vendors of all types ...
- Poor cybersecurity could destabilise increasingly complex energy grids
July 26, 2018
The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...
- NetSpectre — New Remote Spectre Attack Steals Data Over the Network
July 26, 2018
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass ...
- Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
July 20, 2018
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...