Malware campaign targets users in Latin America

No Comments

malware

A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America according to the SPEAR research team at threat prevention specialist Cylance.

Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection.

SPEAR has been able to identify just over 300 unique victims over the past month as well as over 100GB worth of data that was successfully extracted and stored on one of the C2 servers. The bulk of the victims are based in Ecuador, Venezuela, Peru, Argentina, and Columbia. However, other victims have been identified in Korea, the United States, the Dominican Republic, Cuba, Bolivia, Guatemala, Nicaragua, Mexico, England, Canada, Germany, Russia, and the Ukraine. Targets include a wide array of high-profile organizations, including intelligence services, military, utility providers, embassies, and government institutions.

An interesting aspect, according to researchers, is that the majority of countries that were most heavily targeted share a land border with Brazil, yet SPEAR didn't identify any Brazilian victims. The malware is delivered by phishing emails using links to external zip and RAR files containing code generated by the Nullsoft Scriptable Install System -- a technique seen in other recent attacks.

"El Machete will no doubt continue to be successful across most Latin American countries as they struggle to build up both their offensive and defensive cyber capabilities," the researchers conclude. "Many of the targeted countries were listed as customers in the leaks of both Finfisher and Hacking Team, which suggests they likely have yet to fully mature and develop their own internal cyber capabilities. In any case, whoever is behind El Machete is certainly reaping the rewards of building and deploying their own custom malware."

You can find more details of the threat on the Cylance blog.

Photo Credit: andriano.cz/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

How writing zip support for Windows almost cost its creator his job at Microsoft

Apple AirPlay comes to IHG Hotels and Resorts

Millennials are key targets for phishing

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Netflix says it will no longer share details of subscriber numbers

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.