A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Australian govt warns of escalating LockBit ransomware attacks
August 8, 2021
The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. “ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia,” Australia’s cybersecurity agency said in a security alert issued on Thursday. Read more… Source: Bleeping Computer
- Angry Affiliate Leaks Conti Ransomware Gang Playbook
August 6, 2021
An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work. A security researcher shared a comment from an online forum allegedly posted by someone who did business with Conti that included information integral to its ransomware-as-as-service ...
- How Social Norms Can Be Exploited by Scammers on Social Media
August 5, 2021
Social media platforms are excellent hunting grounds for scammers. This is where we connect with our friends or people who we have something in common with. This is precisely what scammers exploit—our connections and the trust that is afforded between friends or acquaintances. From an early age, we are taught to be kind and compassionate as ...
- Ransomware attack hits Italy’s Lazio region, affects COVID-19 site
August 4, 2021
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region suffered a ransomware attack that encrypted every file in its data center and disrupted its IT network. “The attack blocked almost every file in the data center. ...
- DarkSide ransomware gang returns as new BlackMatter operation
July 31, 2021
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel pipeline, and causing fuel shortages in the southeast of the USA, the DarkSide ransomware group faced ...
- Phishing Attacks Often Target Small Businesses – Here’s What to Watch for
July 29, 2021
Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right ...