A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- About a quarter million Comcast subscribers had their data stolen from debt collector
October 4, 2024
Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion. That collections agency, Financial Business and Consumer Solutions aka FBCS, was compromised in February, and according to a filing with ...
- Zimbabwe faces alarming rise in cyber attacks amid bank hacking
October 3, 2024
Zimbabwe has witnessed a significant surge in cyber attacks in recent months, with local entities, including banks, falling victim to hacking, the country’s Minister of Information Communication Technology, Tatenda Mavetera has revealed. Mavetera said the threat is also a local phenomenon, citing recent bank hacks in the country. Mavetera stated that cybercrime is not just a ...
- Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe
October 3, 2024
Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they ...
- Russian Authorities Arrest 96 in Major Money Laundering Operation
October 3, 2024
In a coordinated effort against cybercrime-related money laundering, Russian authorities have made nearly 100 arrests in connection with an extensive criminal operation involving cryptocurrency exchanges and illegal financial activities. The arrests were part of a nationwide crackdown tied to the UAPS payment system and the Cryptex cryptocurrency exchanges, both of which have been linked to cybercriminals ...
- Key Group: another ransomware group using leaked builders
October 1, 2024
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ...
- Global Cyber Attacks to Double from 2020 to 2024
October 1, 2024
On the first day of Cybersecurity Awareness Month in the U.S., research has revealed that the number of significant global cyber attacks in 2024 will be double that of 2020. A new report from insurer QBE, Connected Business: digital dependency fuelling risk, predicts that organisations will be hit by 211 disruptive and destructive cyber attacks this ...