Security News > 2021 > July > Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims.
Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across manufacturing, construction, healthcare, software services, and retail sectors.
In a continuing resurgence of the Bandook Trojan, Check Point last year disclosed three new samples - one of which supported 120 commands - that were utilized by the same adversary to hit government, financial, energy, food industry, healthcare, education, IT, and legal institutions located in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the U.S.
The latest attack chain commences with prospective victims receiving malicious emails with a PDF attachment, which contains a shortened URL to download a compressed archive hosted on Google Cloud, SpiderOak, or pCloud and the password to extract it.
Extracting the archive reveals a malware dropper that decodes and injects Bandook into an Internet Explorer process.
Interestingly, the latest variant of Bandook analyzed by ESET contains 132 commands, up from the 120 commands reported by Check Point, implying that the criminal group behind the malware is advancing its malicious tools with improved capabilities and striking power.
"Also, if we consider the modifications made to the malware over the years, it shows us the interest of cybercriminals to keep using this piece of malware in malicious campaigns, making it more sophisticated and more difficult to detect."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/pNIEaPaozbE/experts-uncover-malware-attacks.html