Online banking in Latin America is no longer safe. Brazilian hackers did their best.

Lord777

LOLBaS and CMD are the main methods of attackers in this operation.

BlackBerry has revealed a new cybercrime campaign targeting Spanish- and Portuguese-speaking residents of Mexico, Peru and Portugal. The attackers' goal is to gain access to victims' online banking and steal their funds.

According to the researchers, hackers use tactics such as LOLBaS attacks, as well as command-line scripts, to perform their malicious actions. The campaign was dubbed "Operation CMDStealer" and attributed to a Brazilian cybercrime group.

The main method of infecting victims is social engineering based on phishing. Hackers send emails in Spanish or Portuguese with trap files related to taxes or traffic violations. The HTML file attached to the emails contains obfuscated code to download the next stage of the attack from the hackers' remote server as a RAR archive.

The RAR archive includes a CMD script, which, in turn, contains an AutoIt script that loads VBScript to steal password data from the Microsoft Outlook mail client, as well as a web browser. Here is such a "sandwich" of scripts prepared by hackers. And all the collected information is transmitted to the cybercriminals' server using the HTTP POST method.

"LOLBaS and CMD-based scripts help attackers avoid detection by traditional security tools. The scripts use built-in Windows tools and commands, allowing hackers to evade endpoint protection solutions (EPP) and bypass security systems," BlackBerry noted.

"Based on the configuration used to attack victims in Mexico, hackers are interested in the business accounts that usually have the highest cash flow," the researchers added.

According to experts, such cybercrime campaigns often pose a serious threat to the security and financial well-being of both ordinary users of banking services and entire organizations. Therefore, the main recommendations to avoid becoming a victim of such attacks are to be vigilant and use reliable protection tools against phishing and malware.
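
The script "sandwich" described above (CMD, then AutoIt, then VBScript) can be hunted in process-creation telemetry. The sketch below is an added example, not part of the original post or of BlackBerry's report. It assumes each stage runs as its own process under the usual interpreter image names, and the events are constructed sample data.

```python
from ntpath import basename  # parses Windows paths on any OS

# Assumed interpreter image names per stage (not taken from the report).
STAGES = [
    {"cmd.exe"},
    {"autoit3.exe", "autoit3_x64.exe"},
    {"wscript.exe", "cscript.exe"},
]

# Constructed sample events: (pid, parent pid, image path).
EVENTS = [
    (100, 1, r"C:\Windows\explorer.exe"),
    (210, 100, r"C:\Windows\System32\cmd.exe"),
    (220, 210, r"C:\Users\Public\AutoIt3.exe"),
    (230, 220, r"C:\Windows\System32\wscript.exe"),
    (300, 100, r"C:\Windows\System32\cmd.exe"),
    (310, 300, r"C:\Windows\System32\cscript.exe"),       # admin script, no AutoIt stage
    (400, 100, r"C:\Program Files\AutoIt3\AutoIt3.exe"),  # AutoIt on its own
]

def lineage(pid, procs):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        ppid, image = procs[pid]
        chain.append(basename(image).lower())
        pid = ppid
    return chain[::-1]

def matches_chain(chain, stages=STAGES):
    """True if every stage appears in order in the lineage (gaps allowed)."""
    i = 0
    for name in chain:
        if i < len(stages) and name in stages[i]:
            i += 1
    return i == len(stages)

def find_sandwich(events):
    """Return PIDs of final-stage processes whose ancestry holds the full chain."""
    procs = {pid: (ppid, image) for pid, ppid, image in events}
    return [
        pid for pid, (_, image) in procs.items()
        if basename(image).lower() in STAGES[-1]
        and matches_chain(lineage(pid, procs))
    ]

if __name__ == "__main__":
    print(find_sandwich(EVENTS))
```

Matching on the ordered lineage rather than on any single interpreter keeps ordinary `cmd.exe` to `cscript.exe` admin scripts and standalone AutoIt use out of the results.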
 