Facebook, YouTube insider threats used in Brazilian phishing scheme | SC Media


A cybercriminal gang has put together a phishing campaign that abuses several trusted sources, along with insider help from a top tier security company's service, to convince its victims to open and download a malicious attachment.


Cofense Intelligence found that the malicious actors, who are targeting only Brazilians, are making extensive use of trusted names, legitimate Windows services and Cloudflare Workers to deliver the Astaroth trojan with the aim of stealing banking credentials. However, despite the effort the gang has put in, Cofense researchers said the attacks can be stopped if the proper precautions, both human and technical, are in place.


The current campaign sends emails only in Portuguese, pretending to be an invoice, a show ticket or a civil lawsuit. In each case the body of the email is socially engineered to convince the recipient to open and then download the attached .htm file.


Once the .htm file is downloaded, a .zip archive geo-fenced to Brazil and containing a malicious .LNK file is dropped. The insider threat then comes into play when the .LNK file downloads a JavaScript from a ..
