A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers emit 9GB of stolen Macron ’emails’ two days before French presidential election
May 6, 2017
Emmanuel Macron, the front-runner in France’s presidential election, has condemned the online leakage of what’s alleged to be his campaign staff’s emails. A 9GB cache of internal documents was dumped onto the Magnet file-sharing network on Friday night, less than two days before the French people go to the polls on Sunday. These archives landed just before ...
- Debenhams Data Breach Affects 26K Customers, Payment Details Exposed
May 5, 2017
Personal data of up to 26,000 people was exposed due to a data breach affecting customers of Debenhams Flowers, the retailer’s florist arm. According to Debenhams, the site is actually operated by Ecomnova, which is a third-party supplier. Therefore, customers of other services it provides have not been affected in any way. On the other hand, Ecomnova ...
- An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies
May 4, 2017
A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month. Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy money-making solution. Dubbed BondNet, the botnet was first spotted in December ...
- After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
May 3, 2017
Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting the ...
- Don’t click that Google Docs link! Gmail hijack mail spreads like wildfire
May 3, 2017
If you get an email today sharing a Google Docs file with you, don’t click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to ...
- Hundreds of Fake UK Bank Sites Exposed, Pose High Risk for Customers
May 3, 2017
Hackers have registered over 300 domains with names similar to those of several popular British banks, which they use to trick customers into handing over personal details or login data. According to DomainTools, a company handling domain names and DNS-based cyber threats, 324 such domains were discovered only in relation to banks in the United Kingdom, ...