Online banking users in Latin America have been dealing with a new threat in recent times. Users of MercadoLivre, a large e-commerce platform in Latin America, have been targeted by an active campaign using Chaes, a multistage infostealer.
Used specifically to target Brazilian users, the infostealer is written in multiple programming languages, such as JavaScript, VBScript, .NET, Delphi, and Node.js.
MercadoLivre and its payment page MercadoPago are the prime focus of the attacks.
- Phishing e-mails claiming that a MercadoLivre purchase was successful are being used to spread the infostealer.
- The attack chain combines several stages, in which LOLBins and other legitimate software are used to avoid detection by AV products.
- The final payload of this malware is a Node.js infostealer that extracts information using a node process.
- New variants of the Node.js module, with improved encryption and new functionality, have been noticed in recent months.
- Additionally, it can take screenshots, hook and monitor the Chrome browser, and gather other user information.
The use of infostealers like this one has been a rising trend among cybercriminals in recent months.
- Businesses and higher education institutions across the U.S. have been targeted by the Jupyter infostealer.
- 153 Android applications were targeted by the Ghimob infostealer. The list includes financial applications, with the aim of stealing user credentials.
Cybercriminals have moved their focus towards stealing user information, which can be used for further scams or sold for money. Hence, our internal experts suggest protecting important information using strong encryption, applying eScan’s two-factor authentication, monitoring financial activities, and quickly alerting the respective bank if anything suspicious is found.