A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DreamBus botnet targets enterprise apps running on Linux servers
January 25, 2021
Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet. The latest of these threats is named DreamBus. Analyzed in a report published last week by security firm Zscaler, the company said this new threat is ...
- Hacker leaks data of 2.28 million dating site users
January 24, 2021
A well-known hacker has leaked this week the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher. The dating site’s data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked ...
- Another ransomware now uses DDoS attacks to force victims to pay
January 24, 2021
Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims’ network or web site as an extra tool to force them to pay a ransom. At the time, the two ...
- SonicWall firewall maker hacked using zero-day in its VPN device
January 23, 2021
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, ...
- Network Attack Trends: Internet of Threats
January 22, 2021
Unit 42 researchers observed interesting attack trends from August-October 2020. Despite a surge in scanner activities and HTTP directory traversal exploitation attempts, CVE-2012-2311 and CVE-2012-1823, which were the most commonly exploited vulnerabilities in the wild in early summer 2020, are no longer at the top of that list. Several new critical exploits, including but not ...
- Cybercriminals kick-off 2021 with sweepstakes, credit card, delivery scams
January 22, 2021
Trend Micro researches have predicted that this year, cybercriminals will continue to take advantage of Covid-19-related effects and incidents — such as people’s reliance on online purchases and e-services and the increased need for financial assistance — in order to bait victims and steal critical information. Even though new ways of stealing information regularly arise, ...