A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Operation Ironside has confiscated AU$31 million of assets so far
September 27, 2021
Australian Federal Police (AFP) has so far seized over AU$31 million of assets through Operation Ironside, the message decryption sting operation that was labelled as the country’s “most significant operation in policing history”. The update was provided as part of an AFP announcement that it made its first multi-million cash forfeiture as part of the sting ...
- BloodyStealer and gaming assets for sale
September 27, 2021
Earlier this year, Kaspersky researchers covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and ...
- United Health Centers ransomware attack claimed by Vice Society
September 24, 2021
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties. On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United ...
- Zloader malware is being spread through malicious Google ads
September 24, 2021
The malware is a key part of the cybercrime industry and recently popped up on the radar of Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA). CISA yesterday warned that ZLoader was being used to distribute the Conti ransomware service, which pays ransomware distributors a wage rather than a commission for new infections. Read more… Source: ...
- How REvil May Have Ripped Off Its Own Affiliates
September 22, 2021
There’s no honor between thieves, but this is beyond rude: Malware specialists have found evidence of how REvil’s leadership may have screwed their own affiliates out of their cut of ransomware payouts. Malware specialists researching newly available samples from REvil – aka Sodinokibi, a once-major, now sort-of reborn ransomware-as-a-service (RaaS) player – have identified a backdoor ...
- CISA, FBI, and NSA Release Conti Ransomware Advisory To Help Organizations Reduce Risk Of Attack
September 22, 2021
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware. CISA ...