A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Manufacturing Cybersecurity Case Studies
February 17, 2021
Manufacturing is a large industry that plays an important role in the world economy and is closely linked to our daily lives. They produce a variety of products, such as automobiles and semiconductors, industrial equipment, steel, oil, cement, food and pharmaceuticals. Each company has a different environment and different cybersecurity challenges. Trend Micro classifies their ...
- Singtel breach compromises data of customers, former employees
February 17, 2021
Singtel has confirmed that personal details of 129,000 customers, as well as financial information of its former employees, have been compromised in a security breach that involved a third-party file-sharing system. Credit card details belonging to the staff of a corporate client and information tied to 23 enterprises, including suppliers and partners, also have been ...
- Rising healthcare breaches driven by hacking and unsecured servers
February 17, 2021
2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents on the backdrop of the COVID-19 pandemic. Hacking and IT incidents affected the industry to a larger extent last year, accounting for more than 67% of all breaches and exposed the personal data of ...
- Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
February 17, 2021
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious ...
- U.S. Accuses North Korean Hackers of Stealing Millions
February 17, 2021
The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to Lazarus Group (and by extension, to North Korea). The feds also ...
- Kia Motors America suffers ransomware attack, $20 million ransom
February 17, 2021
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West ...