New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

2024-07-11 10:12

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan called Poco RAT since at least February 2024.

Infection chains begin with phishing messages bearing finance-themed lures that trick recipients into clicking on an embedded URL pointing to a 7-Zip archive file hosted on Google Drive.

The HTML files propagating Poco RAT, in turn, contain a link that, upon clicking, leads to the download of the archive containing the malware executable.

The PDF files are no different in that they also contain a Google Drive link that harbors Poco RAT. Once launched, the Delphi-based malware establishes persistence on the compromised Windows host and contacts a C2 server in order to deliver additional payloads.

The development comes as malware authors are increasingly using QR codes embedded with PDF files to trick users into visiting phishing pages that are designed to harvest Microsoft 365 login credentials.

The SMS phishing campaign has been attributed to a Chinese-speaking threat actor called Smishing Triad, which has a history of using compromised or purposefully registered Apple iCloud accounts to send smishing messages for carrying out financial fraud.

News URL

https://thehackernews.com/2024/07/new-poco-rat-targets-spanish-speaking.html

#phishing #RAT #spanish