Poco RAT: Trojan predator sinks digital claws into Latin American businesses

The mining, manufacturing, hotel and utility industries are under attack.

Since February 2024, Spanish-speaking users have been targeted by a new phishing campaign spreading a remote access Trojan (RAT) called Poco RAT. The attacks target companies in the mining, manufacturing, hotel and utility industries located in Latin American countries.

According to Cofense, a company specializing in cybersecurity, the malware's code focuses on evading analysis, communicating with the command-and-control (C2) server, and uploading files; harvesting data and credentials is not a priority.

The infection starts with phishing messages containing links to 7-Zip archives hosted on Google Drive. Other distribution methods use HTML or PDF files, either attached to the emails or delivered via Google Drive links. The legitimate Google Drive service is used deliberately, not accidentally, to evade secure email gateways (SEGs).

The HTML and PDF files used in the attack in turn contain a link that downloads an archive holding the malware executable. Once launched, the Poco RAT trojan, written in Delphi, establishes persistence on the infected computer and communicates with the C2 server to retrieve additional malicious modules. The trojan's name comes from its use of the POCO C++ libraries.
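
The delivery chain described above (Drive-hosted archive links, HTML/PDF lures that carry a link to the archive) can be turned into a simple mail-triage rule. The following is an added example for defenders, not code from the article or from Cofense; the Mail record, the scoring weights and the sample messages are constructed for illustration, and the Drive IDs are placeholders.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Mail:
    """Minimal mail record (hypothetical); a real pipeline fills it from the MTA/SEG."""
    subject: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> decoded text

DRIVE_LINK = re.compile(r"https?://drive\.google\.com/[^\s\"'<>]+", re.I)
ANY_LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)
ARCHIVE = re.compile(r"\.(7z|zip|rar)\b", re.I)

def triage(mail):
    """Score one mail against the Poco RAT delivery chain.
    Returns (score, reasons); a score of 3 or more is worth analyst review."""
    score, reasons = 0, []

    def hit(points, why):
        nonlocal score
        score += points
        reasons.append(why)

    text = f"{mail.subject}\n{mail.body}"
    if DRIVE_LINK.search(text):
        hit(1, "Google Drive link in message body")
    if ARCHIVE.search(text):
        hit(1, "archive file name mentioned in message text")
    for name, content in mail.attachments.items():
        if ARCHIVE.search(name):
            hit(2, f"archive attachment {name}")
        elif name.lower().endswith((".html", ".htm", ".pdf")):
            # HTML/PDF lures are only a hop: the link inside them is what matters.
            links = ANY_LINK.findall(content)
            if links:
                hit(2, f"{name} carries an outbound link: {links[0]}")
            if DRIVE_LINK.search(content) or ARCHIVE.search(content):
                hit(1, f"{name} points at Google Drive or an archive")
    return score, reasons

# Constructed samples (placeholder Drive IDs, not real indicators).
LURE = Mail(
    subject="Factura pendiente",
    body="Descargue la factura aqui: https://drive.google.com/uc?id=EXAMPLE-ID",
    attachments={"Factura.html": "<a href='https://drive.google.com/uc?id=EXAMPLE-ID'>Factura_2024.7z</a>"},
)
BENIGN = Mail(subject="Notas", body="Compartido en https://drive.google.com/file/d/EXAMPLE-DOC/view")
```

A lone Drive link scores 1 (ordinary file sharing), while the lure scores 4 because its HTML attachment carries an outbound Drive link naming a .7z archive.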

The use of Delphi suggests that the attack is aimed at Latin America, where banking Trojans written in this language are common. This assumption is further supported by the fact that the C2 server does not respond to requests from computers located outside this region.

This case clearly demonstrates how cybercriminals adapt their methods to specific regions and language groups. The use of Spanish-language lures and the focus on Latin American companies show that attackers increasingly take a localized approach to improve the effectiveness of their campaigns.

Organizations around the world must continually improve their cybersecurity and train employees, focusing on threats specific to their geographic location and industry. Global cooperation in the field of cybersecurity is becoming a key factor in countering such targeted attacks.
