Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

In Brazil the PIX payment system is becoming more and more popular. Unsurprisingly, cybercriminals are jumping on the bandwagon, trying to abuse the system for their profit. A good example of this is GoPIX, a malware campaign that has been active since December 2022.

The attack cycle begins when a potential victim searches for “WhatsApp web”. The cybercriminals employ malvertising: their links are placed in the ad section of the search results, so the user sees them first. If they click such a link, a redirection follows, with the user ending up on the malware landing page. Then something interesting takes place: the criminals use a fraud prevention solution, IP Quality Score, to determine whether the visitor is a real user or a bot.

Read more…
Source: Kaspersky