A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fonix ransomware shuts down and releases master decryption key
January 29, 2021
The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. The ransomware operation was not as widely active as others, such as REvil, Netwalker, ...
- Post Office Phishing Hits Credit Card Users in 26 Countries
January 28, 2021
Phishing remains a popular and effective tactic that malicious actors continue to deploy against internet users. The current retail climate brought about by the global health crisis has only worsened the problem. Many countries across the globe have seen a surge in online shopping, and malicious actors are quick to deploy campaigns that take advantage ...
- Pro-Ocean: Rocke Group’s New Cryptojacking Malware
January 28, 2021
In 2019, Unit 42 researchers documented cloud-targeted malware used by the Rocke Group to conduct cryptojacking attacks to mine for Monero. Since then, cybersecurity companies have had the malware on their radar, which hampered Rocke Group’s cryptojacking operation. In response, the threat actors updated the malware. Here, we uncover a revised version of the same cloud-targeted ...
- New cybercrime tool can build phishing pages in real-time
January 28, 2021
A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time to adapt to targeted victims. Named LogoKit, this phishing tool is already deployed in the wild, according to threat intelligence firm RiskIQ, which has been tracking its evolution. The company said it already identified LogoKit installs on ...
- World’s Most Dangerous Malware Emotet Disrupted Through Global Action
January 27, 2021
Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, ...
- US Department of Justice Launches Global Action Against NetWalker Ransomware
January 27, 2021
The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the ...