Cybersecurity researchers from Cisco Talos have spotted a new hacking campaign they claim is targeting victims’ sensitive data, login credentials, and email inboxes.

Horabot is described as a botnet that has been active for almost two and a half years now (first spotted in November 2020). During that time, it’s mostly been tasked with distributing a banking trojan and spam malware

Its operators seem to be located in Brazil, while its victims are Spanish-speaking users located mostly in Mexico, Uruguay, Venezuela Brazil, Panama, Argentina, and Guatemala.

Horabot botnet

The victims are found in different industries, from investment firms to wholesale distribution, from construction to engineering, and accounting.

The attack starts with an email message carrying a malicious HTML attachment. Ultimately, the victim is urged to download a .RAR archive, which holds the banking trojan. 

The malware is capable of doing plenty of things: stealing login credentials, logging keystrokes, and grabbing system information. By generating an invisible overlay, it is also capable of grabbing one-time security codes from multi-factor authentication (MFA) apps, essentially bypassing this crucial layer of security. 

Also, the trojan can take over the victims’ email accounts, including those from Outlook, Gmail, and Yahoo. The threat actors would then use this access to send spam messages to all of the contacts saved in the inbox, making its distribution and infection chain somewhat random and untargeted. To some extent, the trojan also works as a remote desktop management tool, as it can create and delete directories and files from the victim’s endpoint, the researchers said. 

Finally, the tool has several obfuscation features that prevent it from running in a sandbox environment, or next to a debugging tool, making discovery and subsequent analysis somewhat more difficult. 

Via: BleepingComputer

Go to Source

Follow us on FacebookTwitter and InstagramWe are growing. Join our 6,000+ followers and us.

At will strive to help turn Tech Rookies into Pros!

Want more articles click Here!

Deals on Homepage!

M1 Finance is a highly recommended brokerage start investing today here!

WeBull. LIMITED TIME OFFER: Get 3 free stocks valued up to $6300 by opening & funding a #Webull brokerage account! “>Get started >Thanks for visiting!

Subscribe to our newsletters. Here! On the homepage

Tech Rookies Music Here!

Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.

Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting

Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.