
Phishing campaign targets LATAM e-commerce users with Chaes Malware (Security Affairs)

Posted By Baris Posted on December 12, 2020

Cybereason Nocturnus experts discovered an active campaign targeting users of Latin America’s largest e-commerce platform with the Chaes malware.

Security researchers at Cybereason Nocturnus have identified an active campaign aimed at users of a large e-commerce platform in Latin America, using malware tracked as Chaes.

The Chaes malware was first spotted by Cybereason researchers in mid to late 2020. It is a multistage information stealer targeting Brazilian customers of MercadoLivre, the largest e-commerce company in Latin America. By 2019, more than 320 million users were registered on the MercadoLivre e-commerce platform.

Chaes is written in several programming languages, including JavaScript, VBScript, .NET, Delphi and Node.js. According to the experts, the malicious code is still under development.

Chaes specifically targets the website of the Brazilian e-commerce company MercadoLivre and its payment site MercadoPago to steal customers' financial information. Chaes' final payload is a Node.js information stealer that exfiltrates data through the node process.

Chaes can also take screenshots of the victim's computer, and hook and monitor the Chrome web browser to gather information about users of infected hosts.

The kill chain starts with phishing messages carrying a .docx file which, once opened, triggers a template injection attack.

When the malware connects to the command-and-control server, it downloads the first malicious payload as a .msi file, which deploys the .vbs file used to run other processes and removes the .dll and engine.bin files. The malware also installs three other files, hhc.exe, hha.dll and chaes1.bin, and the researchers also observed the use of a cryptocurrency mining module.

Attackers abuse a built-in Microsoft Word feature to retrieve a payload from a remote server: they change the template target in the settings.xml file embedded in the document and fill in that field with the URL from which the next payload is downloaded.
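A defensive check for the template injection described above, as an added example that is not from the original article or from Cybereason: it lists attachedTemplate relationships in a .docx that point to a remote host. It assumes the standard OOXML layout, where the template target referenced from settings.xml is stored in word/_rels/settings.xml.rels; the sample package and the example.invalid URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Relationship part that accompanies word/settings.xml in an OOXML package.
RELS_PART = "word/_rels/settings.xml.rels"
REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
MAX_PART_SIZE = 1_000_000  # refuse oversized parts (zip-bomb guard)


def is_remote(target):
    """True for http(s)/ftp URLs and UNC paths; file:///C:/... is local."""
    t = target.strip().lower()
    if t.startswith(("http://", "https://", "ftp://", "\\\\")):
        return True
    return t.startswith("file://") and not t.startswith("file:///")


def find_remote_templates(docx_bytes):
    """Return attachedTemplate targets in a .docx that point off-host."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        if RELS_PART not in pkg.namelist():
            return []
        if pkg.getinfo(RELS_PART).file_size > MAX_PART_SIZE:
            raise ValueError("relationship part too large")
        # Untrusted XML: prefer a hardened parser such as defusedxml in production.
        root = ET.fromstring(pkg.read(RELS_PART))
    return [
        rel.get("Target", "")
        for rel in root.iter(REL_TAG)
        if rel.get("Type", "").endswith("/attachedTemplate")
        and rel.get("TargetMode", "").lower() == "external"
        and is_remote(rel.get("Target", ""))
    ]


def build_sample(target):
    """Constructed test package holding only the part this check reads."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" TargetMode="External" Type="http://schemas.openxmlformats.org'
        f'/officeDocument/2006/relationships/attachedTemplate" Target="{target}"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(RELS_PART, rels)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_remote_templates(build_sample("https://example.invalid/next-stage.dotm")))
```

A document based on a local template also carries an external attachedTemplate relationship, which is why the check filters on where the target points and not on the relationship alone.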

The attack chain consists of several stages, which include the use of LoLbins and other legitimate software to avoid detection by AV products.

In recent months, experts have observed several variants; the authors have improved the encryption and implemented new functionality in the final Node.js module.

Cybereason has already observed and investigated multistage malware using such techniques in the LATAM region and in Brazil in particular. Chaes shows how sophisticated and creative malware authors in the Latin American region can be when trying to achieve their goals. The malware not only serves as a warning to information security researchers and IT professionals not to take lightly the existence of files that are legitimate in nature, but also raises concerns about a possible future trend of using the Puppeteer library for further attacks on other major financial institutions.

Pierluigi Paganini

(Security issues – Hacking, malware)

 
