A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware attacks now to blame for half of healthcare data breaches
January 15, 2021
Almost half of all data breaches in hospitals and the wider healthcare sector are as a result of ransomware attacks according to new research. Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in bitcoin to restore them, ...
- Hackers leak stolen Pfizer COVID-19 vaccine data online
January 12, 2021
The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. EMA is a decentralized agency responsible for reviewing and approving COVID-19 vaccines, as well as for evaluating, monitoring, and supervising any new medicines introduced to the EU. “The ongoing investigation of the cyberattack ...
- Europol: World’s Largest Illegal Dark Web Marketplace Taken Down
January 12, 2021
DarkMarket, the world’s largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the countries ...
- New Zealand Reserve Bank breached using bug patched on Xmas Eve
January 12, 2021
A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. Over the weekend, the Reserve Bank disclosed that they suffered a data breach after an attacker hacked a third-party file sharing service containing sensitive data. In a new advisory ...
- Free decrypter released for victims of Darkside ransomware
January 11, 2021
Cybersecurity firm Bitdefender has released today a free tool that can help victims of the Darkside ransomware recover their encrypted files for free, without paying the ransom demand. The tool, available for download from the Bitdefender site, along with usage instructions, gives hope to companies that had important files locked and ransomed by one of today’s ...
- UK: Fake NHS text asks for bank details in return for coronavirus vaccine
January 8, 2021
People are being warned about a fake NHS text which is demanding bank details from people waiting for a coronavirus vaccine. Liverpool City Council said in a “scam alert” that the message had been “circulating”, advising people they were eligible for a COVID-19 jab. The National Police Chiefs’ Council (NPCC) also tweeted a warning, reminding those waiting ...