Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

Avatar
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT.

The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, United States, Colombia, Portugal, Brazil, Dominican Republic, and Argentina.

Active since at least 2018, TA558 has a history of targeting entities in the LATAM region to deliver a variety of malware such as Loda RAT, Vjw0rm, and Revenge RAT.

The latest infection chain, according to Perception Point researcher Idan Tarab, leverages phishing emails as an initial access vector to drop Venom RAT, a fork of Quasar RAT that comes with capabilities to harvest sensitive data and commandeer systems remotely.

The disclosure comes as threat actors have been increasingly observed using the DarkGate malware loader following the law enforcement takedown of QakBot last year to target financial institutions in Europe and the U.S.

“Ransomware groups utilize DarkGate to create an initial foothold and to deploy various types of malware in corporate networks,” EclecticIQ researcher Arda Büyükkaya noted.

“These include, but are not limited to, info-stealers, ransomware, and remote management tools. The objective of these threat actors is to increase the number of infected devices and the volume of data exfiltrated from a victim.”

It also follows the emergence of malvertising campaigns designed to deliver malware like FakeUpdates (aka SocGholish), Nitrogen, and Rhadamanthys.

Earlier this month, Israeli ad security company GeoEdge revealed that a notorious malvertising group tracked as ScamClub “has shifted its focus towards video malvertising assaults, resulting in a surge in VAST-forced redirect volumes since February 11, 2024.”

The attacks entail the malicious use of Video Ad Serving Templates (VAST) tags – which are used for video advertising – to redirect unsuspecting users to fraudulent or scam pages but only upon successful passage of certain client-side and server-side fingerprinting techniques.

A majority of the victims are located in the U.S. (60.5%), followed by Canada (7.2%), the U.K. (4.8%), Germany (2.1%), and Malaysia (1.7%), among others.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

McDonald’s serves up a master class in how not to explain a system outage

Next Post

Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement

Related Posts

AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.
Avatar
Read More

For March’s Patch Tuesday, no zero-day flaws

Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they're just informational changes with no further action is required.The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.Known issues Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:To read this article in full, please click here
Avatar
Read More