A group of hackers, apparently based in Colombia, is running a phishing campaign that uses spoofed emails to target victims in South America. The attackers use a wide range of malware and geolocation filters to infect computers and avoid detection.
Cybersecurity company Trend Micro has identified the group behind the operation as APT-C-36. Because the group uses a remote access tool (RAT), it is believed that it can monitor and collect any type of information on the infected computer. In the malware world, these tools are Trojans that operate through a backdoor.
Most of the targets identified so far are located in Colombia, Ecuador and Panama. The cybercriminals use different decoys to get users to download malware. They send fraudulent emails that mainly pose as Colombia's National Tax and Customs Directorate (DIAN).
It says ‘embargo order’, but it’s malware
Credit: Trend Micro
The fraudulent emails speak of a “bank account seizure order” and invite the recipient to open an attached file (PDF or Word) with information about the alleged debt. When the user clicks a link included in the attached document, they are redirected to a file hosting server and a compressed file is downloaded automatically.
When the user opens the compressed file with the supplied key, the payload is a BitRAT-based remote access Trojan, which was first discovered in 2020. According to the researchers, those affected include government, finance, health, telecommunications and energy, oil and gas organizations.
Part of the attackers' effectiveness in delivering their malware comes from their strong targeting capability. If the download URL of the malicious file detects a VPN or a location that is not of interest, the file will not download. “APT-C-36 selects its targets based on the location and likely financial condition of the email recipient,” Trend Micro said.
Hackers constantly renew their techniques. To be protected from their attacks, it is essential to keep all software updated and to browse only safe sites. Above all, do not open emails from unknown senders. Anti-malware protection software can also be useful for keeping the computer secure.