Dark Caracal targets Latin America with Poco RAT malware

Advanced persistent threat operation Dark Caracal sought last year to compromise organizations in Venezuela, Chile, the Dominican Republic, Colombia, and Mexico with Poco RAT, malware featuring extensive espionage capabilities, reports The Hacker News.

Malicious Spanish-language emails purporting to be invoices have been sent by Dark Caracal to lure targets into opening spoofed decoy documents, which enable the download of a .rev archive containing a Delphi-based dropper that deploys Poco RAT, according to findings from Positive Technologies.

Although Poco RAT can perform file uploads, screenshot capturing, command execution, and system process modifications, it lacks an integrated persistence mechanism, which may necessitate a server-based command for persistence, said researchers.

Such a development comes months after Poco RAT was reported by Cofense to have been deployed in phishing attacks with finance-themed lures against organizations in the manufacturing, utilities, mining, and hospitality verticals.
