Windows systems across Brazil have been targeted by attacks with the new CHAVECLOAK banking trojan, according to The Hacker News.
Attackers leveraged phishing emails using contract-themed DocuSign lures that included PDF attachments, which when opened fetches an installer file that eventually triggers the loading of the CHAVECLOAK malware, a report from Fortinet FortiGuard Labs revealed. After determining whether targeted machines are based in Brazil, CHAVECLOAK proceeds to create a command-and-control server connection and commences various activities that would enable the exfiltration of users' credentials and other sensitive information, as well as the tracking of their traditional banking and cryptocurrency accounts. "The emergence of the CHAVECLOAK banking Trojan underscores the evolving landscape of cyberthreats targeting the financial sector, specifically focusing on users in Brazil," said Fortinet FortiGuard Labs researcher Cara Lin. Such findings follow a Cleafy report detailing an ongoing mobile banking fraud operation in Europe that involved the distribution of the Copybara Android malware.
