Windows users in Argentina, Chile, Colombia, Guatemala, Mexico, and Peru have been subjected to attacks spreading the Horabot malware as part of a new phishing campaign discovered last month, according to The Hacker News.
Intrusions commence with the distribution of malicious emails with invoice-themed lures deceiving targets into opening a ZIP archive that includes a nefarious HTML file enabling next-stage payload retrieval, a report from Fortinet FortiGuard Labs showed. Such a ZIP archive payload then facilitates the loading of a script performing external Visual Basic Script injection that proceeds with the exfiltration of system information and further compromise with Horabot after determining targeted systems' absence of Avast antivirus or non-operation in a virtual environment. Aside from enabling the further distribution of phishing emails to Outlook contacts, Horabot also pilfers data stored in various web browsers, including Google Chrome, Yandex, and Brave, as well as triggers bogus pop-ups aimed at compromising user logins, said the report.
Intrusions commence with the distribution of malicious emails with invoice-themed lures deceiving targets into opening a ZIP archive that includes a nefarious HTML file enabling next-stage payload retrieval, a report from Fortinet FortiGuard Labs showed. Such a ZIP archive payload then facilitates the loading of a script performing external Visual Basic Script injection that proceeds with the exfiltration of system information and further compromise with Horabot after determining targeted systems' absence of Avast antivirus or non-operation in a virtual environment. Aside from enabling the further distribution of phishing emails to Outlook contacts, Horabot also pilfers data stored in various web browsers, including Google Chrome, Yandex, and Brave, as well as triggers bogus pop-ups aimed at compromising user logins, said the report.
