A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages for Attacker
March 1, 2017
Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), today released “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity,” a global report and survey revealing three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation ...
- Even bakeries get hit by hackers, top insurer warns ‘ill-equipped’ small businesses
February 27, 2017
Bakers are not immune from the hacking epidemic spreading across Europe, a top insurer has warned. Hiscox boss Bronek Masojada said small businesses faced just as much risk as large ones from cyber crime – but many did not have the resources to combat it. He said that in one case, a German bakery was targeted by ...
- Treason charges against Russian cyber experts linked to seven-year-old accusation
February 26, 2017
Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation. They said the arrests concern allegations that the suspects passed secrets to U.S. firm Verisign and other ...
- A guided tour of the cybercrime underground
February 23, 2017
One of the strange features of cybercrime is how much of it is public. A quick search will turn up forums and sites where stolen goods, credit cards and data are openly traded. But a glance into those places may not give you much idea about what is going on. “Everyone can join as long as you speak ...
- New TeamSpy Malware Campaign Turns TeamViewer into Spy Tool
February 20, 2017
TeamSpy is back and it’s turning TeamViewer into the spying tool that no one wants. According to security firm Heimdal, a new spam campaign emerged over the weekend, carrying the TeamSpy malware which can give hackers full access to a compromised computer. This isn’t a new type of malware whatsoever. In fact, back in 2013, it was ...
- Europol and Global Cyber Alliance team up to fight cyber-crime
January 30, 2017
Europol and the Global Cyber Alliance (GCA) have signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber-risk and improving internet security throughout Europe and beyond. As part of the MoU, Europol and GCA will fight cyber-crime through the exchange of information on cyber-crime trends and joint international projects to increase cyber-security. To this end, ...