A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment.

Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services and the Cloudflare Workers to inject the Astaroth trojan with the aim of stealing banking credentials. However, despite the effort put forth by the gang Cofense researchers said the attacks can be stopped if the proper precautions, both human and technical, are in place.

The current campaign is sending emails only in Portuguese pretending to be either an invoice, show ticket or civil lawsuit. In each case the body of the email is socially engineered to convince the recipient to open and then download the attached .htm file.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.