A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs.
To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Identifying Rogue AI
September 19, 2024
For many – certainly given the share price of some leading proponents – the hype of AI is starting to fade. But that may be about to change with the dawn of agentic AI. It promises to get humanity far closer to the ideal of AI as an autonomous technology capable of goal-oriented problem solving. But ...
- Zooming in on CVE‑2024‑7965
September 19, 2024
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...
- Cyber attack on city of Wichita limited to police records, internal investigation finds
September 19, 2024
A ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system, city officials said Wednesday. That means the Russian hacker group — LockBit — that claimed credit for the attack did not access bank card numbers, social security numbers or ...
- Hacker claims to have for sale 87 million strong database after suspected Temu breach
September 18, 2024
A cybercriminal claims to have breached Temu and stolen millions of customer records, but the ecommerce giant is vehemently denying the claims. A hacker with the alias ‘smokinthashit’ took to BreachForums, one of the most popular underground forums out there, and advertised a new database, allegedly stolen from the company. “Temu company database for sale. +87M ...
- Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers
September 18, 2024
The Justice Department today announced a court-authorized law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide. As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity ...
- Almost 500GB of data allegedly leaked in RansomHub attack on Kawasaki
September 18, 2024
Kawasaki Motors Europe (KME) recently released a statement confirming it was the victim of a cyber attack. The attack caused significant service disruptions as the cybercriminals threatened to release stolen data. KME confirmed, “At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s ...