A new spear-phishing campaign targeting Brazil has been discovered delivering a banking malware known as Astaroth (aka Guildma) by using obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
“The malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware.”
The cybersecurity company is tracking the threat activity cluster under the name Water Makara. It is worth pointing out that Google’s Threat Analysis Group (TAG) has assigned the moniker PINEAPPLE to a similar intrusion set that delivers the same malware to Brazilian users.
Both campaigns share a degree of commonality in that they start with phishing messages that impersonate official entities such as Receita Federal and aim to trick recipients into downloading a ZIP archive attachment that masquerades as income tax documents.
Present within the malicious ZIP file is a Windows shortcut (LNK) that abuses mshta.exe, a legitimate utility meant to run HTML Application files, to execute obfuscated JavaScript commands and establish connections to a command-and-control (C2) server.
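A defender-side illustration of the execution chain described above, added here as an example and not code from Trend Micro's report: a small triage routine over constructed process-creation events that flags mshta.exe launches carrying an inline script protocol (javascript:/vbscript:), pulling remote content over HTTP(S), or started from explorer.exe without a local .hta file, which is the shape a double-clicked LNK shortcut would produce. The log line format, field names and all sample values are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record: executable, parent executable, command line."""
    image: str
    parent_image: str
    command_line: str


# Constructed sample events in an assumed "Key=Value|Key=Value" line format.
# These are illustrative records, not telemetry from the real campaign.
SAMPLE_LOG_LINES = [
    # 0: mshta.exe started by explorer.exe (shortcut double-click) running inline script
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta.exe javascript:SCRIPT_PLACEHOLDER",
    # 1: benign mshta.exe opening a local HTML Application file
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=mshta.exe C:\Users\alice\Documents\tool.hta",
    # 2: unrelated process, should be ignored
    r"Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe notes.txt",
    # 3: mshta.exe fetching remote content (placeholder host, constructed)
    r"Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=mshta.exe https://example.invalid/PLACEHOLDER.hta",
]

INLINE_SCRIPT_PROTOCOL = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)
REMOTE_URL = re.compile(r"\bhttps?://", re.IGNORECASE)
HTA_FILE = re.compile(r"\.hta\b", re.IGNORECASE)
# Parents that indicate a user-driven launch, e.g. a double-clicked LNK in Explorer.
USER_SHELL_PARENTS = {"explorer.exe"}


def parse_event(line: str) -> ProcessEvent:
    """Parse one assumed-format log line into a ProcessEvent."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")  # split on the first '=' only
        fields[key.strip()] = value
    return ProcessEvent(
        image=fields.get("Image", ""),
        parent_image=fields.get("ParentImage", ""),
        command_line=fields.get("CommandLine", ""),
    )


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def mshta_findings(ev: ProcessEvent) -> list:
    """Return human-readable reasons an mshta.exe launch looks suspicious (empty if not)."""
    if basename(ev.image) != "mshta.exe":
        return []
    cmd = ev.command_line
    reasons = []
    if INLINE_SCRIPT_PROTOCOL.search(cmd):
        reasons.append("inline script protocol passed to mshta.exe")
    if REMOTE_URL.search(cmd):
        reasons.append("mshta.exe loading content from a remote URL")
    if basename(ev.parent_image) in USER_SHELL_PARENTS and not HTA_FILE.search(cmd):
        reasons.append("mshta.exe started from the user shell without a local .hta file")
    return reasons


def triage(lines: list) -> list:
    """Return [(line_index, reasons), ...] for every event that triggers at least one rule."""
    findings = []
    for idx, line in enumerate(lines):
        reasons = mshta_findings(parse_event(line))
        if reasons:
            findings.append((idx, reasons))
    return findings


if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_LOG_LINES):
        print(f"event {idx}: " + "; ".join(reasons))
```

The benign record (index 1) is deliberately included so the rules can be checked for false positives: a user opening a local .hta file from Explorer is not flagged, while the inline-script and remote-URL launches are.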
“While Astaroth may seem like an old banking trojan, its reemergence and continued evolution make it a persistent threat,” the researchers said.
“Beyond stolen data, its impact extends to long-term damage to consumer trust, regulatory fines, and increased costs from business disruption and downtime as well as recovery and remediation.”
To mitigate the risk posed by such attacks, it is advisable to implement strong password policies, use multi-factor authentication (MFA), keep security solutions and software updated, and apply the principle of least privilege (PoLP).