
Brazil subjected to novel CHAVECLOAK trojan attacks


Windows systems across Brazil have been targeted by attacks with the new CHAVECLOAK banking trojan, according to The Hacker News.

Attackers used phishing emails with contract-themed DocuSign lures that included PDF attachments, which, when opened, fetch an installer file that eventually triggers the loading of the CHAVECLOAK malware, a report from Fortinet FortiGuard Labs revealed. After determining whether targeted machines are based in Brazil, CHAVECLOAK proceeds to create a command-and-control server connection and commences various activities that would enable the exfiltration of users' credentials and other sensitive information, as well as the tracking of their traditional banking and cryptocurrency accounts.

"The emergence of the CHAVECLOAK banking Trojan underscores the evolving landscape of cyberthreats targeting the financial sector, specifically focusing on users in Brazil," said Fortinet FortiGuard Labs researcher Cara Lin. Such findings follow a Cleafy report detailing an ongoing mobile banking fraud operation in Europe that involved the distribution of the Copybara Android malware.
