After being exposed to a new and more aggressive distribution campaign involving the Astaroth banking trojan, which is a long-standing malware strain known for targeting financial users in the country, the cyber threat landscape in Brazil is once again coming under scrutiny.
Astaroth has recently launched a new operation, internally referred to as Boto Cor-de-Rosa, which marks a significant shift in the organization’s propagation methods by incorporating WhatsApp Web into its infection chain that marks a major shift in its propagation strategies.
A malicious script in this campaign is capable of harvesting the contact list of the victim on WhatsApp and autonomously sending malicious messages to those contacts, effectively turning that compromised WhatsApp account into a self-propagating infection vector.
A number of analysts are observing the Astaroth Boto Cor-de-Rosa operation as a clear indicator of a sharp rise in both technical sophistication and social engineering precision. Using rapid self-propagation capabilities and longstanding ability to steal banking credentials, this operation is a very sophisticated one.
There is a dual-purpose architecture at the heart of this campaign that allows the malware to spread autonomously, while at the same time monitoring the online activity of the victims. It is
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: