Malicious attachments hide much more than it seems at first glance.
Researchers from Trend Micro have discovered a new wave of phishing attacks targeting users in Brazil. The attackers are using the Astaroth Trojan, known as a banking data infostealer, as part of a phishing campaign called Water Makara.
Criminals send emails with attached files that are disguised as tax documents. These emails contain ZIP archives that activate malicious JavaScript scripts when users run them through the mshta.exe utility.
The main targets of the attack are companies in various sectors in Brazil, including industry, retail, and government agencies. The malware spreads through social engineering, forcing victims to download archives with malicious files disguised as tax documents.
One of the key elements of the attack is the use of obfuscated JavaScript to execute commands covertly. This method helps criminals avoid detection and establish a connection with the C&C server for further action.
ZIP archives contain LNK files with built-in malicious commands. These files activate JavaScript when launched, which downloads malicious objects from the attackers' servers. Researchers noticed that this campaign uses a variety of file formats - from PDF and JPEG to MP4 and GIF, which helps hackers bypass defense mechanisms.
The main goal of the attack is to collect confidential user data, including credentials for accessing banking systems. Although Astaroth has long been known in the world of cyber threats, its ongoing evolution makes this Trojan particularly dangerous.
To combat the threat, Trend Micro experts recommend using modern security methods, including regular software updates, multi-factor authentication, and cybersecurity training for employees.
Source
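For mail-gateway or mailbox triage of the delivery chain described above (a ZIP attachment carrying an LNK shortcut that hands off to mshta.exe), here is an added example that is not part of the original post or of Trend Micro's report. It flags archive members that are Windows shortcuts by their Shell Link header rather than by file name alone, and notes whether the shortcut's strings mention mshta. The function names, sample file names and the renamed-shortcut case are assumptions made for illustration; the sample archive is constructed and contains no working shortcut.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_MEMBER_BYTES = 1 << 20  # read cap per member; guards against zip bombs


def _mentions(data: bytes, word: str) -> bool:
    """Case-insensitive search in both ANSI and UTF-16LE LNK string encodings."""
    low = data.lower()
    return word.encode("ascii") in low or word.encode("utf-16-le") in low


def triage_zip(blob: bytes) -> list[dict]:
    """Return one finding per archive member that is a shortcut by content or name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES)
            by_magic = data.startswith(LNK_MAGIC)
            by_name = info.filename.lower().endswith(".lnk")
            if not (by_magic or by_name):
                continue
            findings.append({
                "member": info.filename,
                "lnk_by_content": by_magic,
                "name_mismatch": by_magic and not by_name,
                "mentions_mshta": _mentions(data, "mshta"),
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: inert bytes carrying only the LNK magic and a marker string."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56 + "MSHTA.EXE placeholder".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 constructed")
        zf.writestr("tax_document.pdf.lnk", fake_lnk)
        zf.writestr("receipt.jpg", LNK_MAGIC + b"\x00" * 56)  # assumed case: shortcut renamed
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A finding with `mentions_mshta` set is a strong candidate for quarantine, and `name_mismatch` catches shortcuts that an extension-only filter would pass.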