An unidentified actor or actors are tricking victims into opening malicious Excel attachments in phishing emails by showing them stolen sensitive information, reports The Hacker News.
In its report, cybersecurity firm Qualys claims that the attackers appear to have gained access to a Colombian cooperative bank's IT infrastructure and stolen information including Colombian Cedula numbers, customer names, email addresses, telephone numbers, salary details, addresses, and payment records, which they use to lure victims into opening the attachment.
In addition to the bank data, the Excel file contains a macro that, when activated, downloads a second-stage DLL payload programmed to retrieve and execute BitRAT on the infected host.
"It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory," according to Akshat Pradhan, a researcher at Qualys, which first found signs of the activity upon discovering a database dump with 418,777 records allegedly obtained by exploiting SQL injection faults.
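The chain described above (Excel macro, second-stage code, a GitHub download, an executable landing in %temp%) can be correlated in endpoint telemetry. The following is an added detection sketch, not code from Qualys or this article; the event schema, field names, host list and sample events are constructed assumptions, and %temp% is assumed to resolve under AppData\Local\Temp.

```python
import ntpath

# Assumed GitHub download hosts and watched file types (tune for your environment).
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
OFFICE_APPS = {"excel.exe"}
EXEC_EXT = {".exe", ".dll"}

# Constructed sample events in a simplified, hypothetical schema, in time order.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "network", "pid": 200, "host": "raw.githubusercontent.com"},
    {"type": "file", "pid": 200, "path": r"C:\Users\ana\AppData\Local\Temp\payload.exe"},
    # Benign look-alike: a developer tool outside any Office process tree.
    {"type": "process", "pid": 300, "ppid": 1, "image": r"C:\Program Files\Git\cmd\git.exe"},
    {"type": "network", "pid": 300, "host": "github.com"},
    {"type": "file", "pid": 300, "path": r"C:\Users\ana\AppData\Local\Temp\tmp123.dll"},
]

def is_temp_executable(path):
    """True for .exe/.dll files written under a user's Temp directory."""
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p and ntpath.splitext(p)[1] in EXEC_EXT

def detect(events):
    """Alert when an Office app or one of its descendants contacts GitHub
    and then writes an executable to Temp. PID reuse is not handled."""
    office_lineage = set()  # PIDs of Office apps and their descendants
    fetched = set()         # lineage PIDs that have contacted a GitHub host
    alerts = []
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "process":
            name = ntpath.basename(ev["image"]).lower()
            if name in OFFICE_APPS or ev["ppid"] in office_lineage:
                office_lineage.add(pid)
        elif ev["type"] == "network":
            if pid in office_lineage and ev["host"].lower() in GITHUB_HOSTS:
                fetched.add(pid)
        elif ev["type"] == "file":
            if pid in fetched and is_temp_executable(ev["path"]):
                alerts.append((pid, ev["path"]))
    return alerts

if __name__ == "__main__":
    for pid, path in detect(EVENTS):
        print(f"ALERT pid={pid} wrote {path} after GitHub fetch from Office lineage")
```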
New malware campaign using stolen bank info as phishing bait