Researchers at the security firm ESET have uncovered an ongoing espionage campaign using an updated variant of Bandook spyware to target corporate networks in Venezuela and other nations in Latin America.

The campaign dubbed Bandidos targets corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela, ESET reports. It aims to spy on construction, manufacturing, healthcare, retail and software services companies.

Updated Malware

"When comparing the malware used in this campaign with what was previously documented, we found new functionality and changes to this malware, known as Bandook," ESET says. "We also found that this campaign targeting Venezuela, despite being active since at least 2015, has somehow remained undocumented."

The attack begins with victims receiving malicious emails with a PDF attachment containing a shortened URL to download a compressed archive and the password to extract it. "The attackers use URL shorteners such as Rebrandly or Bitly in their PDF attachments." Once extracted, the archive contains an executable file: a dropper that injects Bandook into an Internet Explorer process. One example of a phishing email lure appeared to be a service announcement from a Dublin company, with an apparent business PDF enclosed.

Overview of a typical Bandook attack (Source: ESET)
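The delivery step described above, a PDF attachment whose link goes through Rebrandly or Bitly, can be checked for during attachment triage. The following Python is an added example, not code from ESET or from the article; the host list, the function names and the sample PDF bytes are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlparse

# Assumption: the default domains of the two shorteners named in the article.
SHORTENER_HOSTS = {"bit.ly", "rebrand.ly"}

URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")   # clickable link target
PLAIN_URL = re.compile(rb"https?://[^\s<>()\[\]\"']+")      # URL shown as page text
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _inflated_streams(pdf):
    """Yield every stream body that inflates as zlib data (FlateDecode)."""
    for match in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates a stream whose last byte was trimmed.
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # image, font or encrypted data: nothing to inflate


def extract_urls(pdf):
    """Collect URLs from the raw objects and from inflated streams."""
    urls = set()
    for blob in (pdf, *_inflated_streams(pdf)):
        for m in URI_ACTION.finditer(blob):
            raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
            urls.add(raw.decode("latin-1"))
        for m in PLAIN_URL.finditer(blob):
            urls.add(m.group(0).decode("latin-1"))
    return urls


def shortener_links(pdf):
    """Return the sorted URLs in the PDF whose host is a known shortener."""
    return sorted(u for u in extract_urls(pdf)
                  if (urlparse(u).hostname or "") in SHORTENER_HOSTS)


# Constructed sample: one link hidden in a compressed stream, one benign link.
_ANNOT = b"<< /Subtype /Link /A << /S /URI /URI (https://rebrand.ly/constructed-example) >> >>"
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(_ANNOT) + b"\nendstream\nendobj\n"
              + b"2 0 obj\n<< /S /URI /URI (https://example.com/invoice) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(shortener_links(SAMPLE_PDF))
```

A sender can configure a branded short domain that is not in the host list, so a hit is a triage signal and a miss is not a clean verdict.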