In a concerning development, a sophisticated cyberattack campaign has emerged, targeting individuals across Latin America by malicious actors who impersonate Colombian government agencies. These attackers have devised a cunning strategy, distributing emails containing PDF attachments that falsely accuse recipients of traffic violations or other legal infractions.
The ultimate goal of these deceptive communications is to coerce unsuspecting victims into downloading an archive that conceals a VBS script, thereby initiating a multi-stage infection process.
Initially, the script acquires the payload’s address from resources like textbin.net before proceeding to download and execute the payload from platforms such as cdn.discordapp(.)com, pasteio(.)com, hidrive.ionos.com, and wtools.io.
This intricate execution chain progresses from PDF to ZIP, then to VBS and PowerShell, and finally to the executable file (EXE).
The resulting payload is identified as one of several well-known remote access trojans (RATs), including AsyncRAT, njRAT, or Remcos. These malicious programs are notorious for their capability to provide unauthorized remote access to the infected systems, posing significant risks to victims’ privacy and data security.
To combat this threat, cybersecurity professionals and researchers are urged to consult the TI Lookup tool for comprehensive information on these samples.
This resource can greatly assis
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: