A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Why cybersecurity needs more attention from business leaders
April 10, 2017
As businesses have become more dependent on technology, their exposure to cybersecurity threats increases – driving a need for boards and senior management to understand the risks. Cybercrime has grown so much that the Office for National Statistics (ONS) recently began including it in official figures. In 2016, a report from the National Crime Agency found ...
- Symantec Links Espionage Group to CIA via Tools Exposed by WikiLeaks
April 10, 2017
Symantec announced that it had connected at least 40 attacks across 16 countries where tools obtained and exposed by WikiLeaks via the Vault 7 revelations about CIA’s espionage tactics were used. In a lengthy report, Symantec talks about a highly organized group they named Longhorn and which they linked to all these attacks. While stopping short ...
- Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits
April 8, 2017
A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to “Equation ...
- Inside the murky world of hackers for hire
April 8, 2017
Shortly after Christmas, 2011, Ruby Nealon sold the Nintendo Wii games console his mother had bought him to fund an Open University course in computer software. He was 11 and it was the start of his unconventional education as a computer prodigy, which led him to drop out of school and start a full time degree ...
- Finance firms to spend more on security as concern over cyber crime soars
April 5, 2017
Over 80pc of financial services firms plan to pump cash into cybersecurity this year, almost double that of last year as fears over cyber attacks swell. Corporate adviser Duff & Phelps, which analysed 200 executives in Europe, Hong Kong and the US, said 86pc of financial services firms intend to spend more time and money on cybersecurity this year. That’s a significant increase on last year, ...
- Lazarus APT Spinoff Linked to Banking Hacks
April 3, 2017
The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted ...