A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Stone Wolf employs Meduza Stealer to hack Russian companies
September 2, 2024
BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...
- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...
- Cyber security in critical industries: challenges, solutions, and the road ahead
August 30, 2024
In an era of rapid digital transformation, cyber security has emerged as a paramount concern, particularly for critical industries such as energy, healthcare, and transportation. As we approach the IET’s Cyber Security for Critical Industries 2024 conference, it is essential to delve into the latest cyber security challenges and explore how building resilient and responsive ...
- North Korean threat actor Citrine Sleet exploiting Chromium zero-day
August 30, 2024
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Microsoft ...
- Chennai bomb threat mails: Serious setback for police as Microsoft refuses to share vital information
August 30, 2024
Chennai cybercrime police has faced a serious setback in its investigations into the more than three dozen hoax bomb emails sent to schools, colleges, and the airport, ToI reported on August 30. Microsoft has refused to share crucial information regarding the mails, the report by ToI’s A Selvaraj said. These emails, the latest of which coincided ...
- 85 cyber attacks on Việt Nam’s sites, portals last week
August 30, 2024
A total of 85 cases of cyber attacks on Việt Nam’s websites and information portals were reported in the past week, according to the Authority of Information Security (under the Ministry of Information and Communications). Seventy four were phishing attacks and eleven were malware installations. According to the information security authority, attackers have been using malicious ...