A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak
August 30, 2021
Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers. The company said that it discovered a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system” on August 23. The statement said the company is “deeply sorry for the worry and inconvenience that ...
- Fujitsu says stolen data being sold on dark web ‘related to customers’
August 30, 2021
Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information “appears related to customers” and not their own systems. On August 26, Marketo wrote on its leak site that it had 4 GB of stolen data and was selling it. They provided ...
- Cloudflare says it stopped the largest DDoS attack ever reported
August 27, 2021
Cloudflare said it’s system managed to stop the largest reported DDoS attack in July, explaining in a blog post that the attack was 17.2 million requests-per-second, three times larger than any previous one they recorded. Cloudflare’s Omer Yoachimik explained in a blog post that the company serves over 25 million HTTP requests per second on average ...
- Ransomware: It’s only a matter of time before a smart city falls victim, and we need to take action now
August 27, 2021
Ransomware attacks are going to get worse – and one could eventually take out the infrastructure of an entire 5G-enabled smart city, a cybersecurity expert has warned. Cyber criminals deploying ransomware regularly target government services. Not only do public sector IT budgets mean networks are less secure against attacks, but said networks are also used to ...
- Ragnarok ransomware releases master decryptor after shutdown
August 26, 2021
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files The leak ...
- FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia
August 26, 2021
The FBI has released an alert about the Hive ransomware after the group took down Memorial Health System last week. The alert explains that Hive is an affiliate-operated ransomware first seen in June that deploys “multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol to move ...