Onion Information
'Horabot' botnet malware targets users in Latin America | Darknet Prime
Horabot has been discovered targeting Latin American users who speak Spanish since November 2020. The malware allows the threat actor to manipulate the Outlook mailbox of the victim, extract email addresses of contacts, and distribute phish...
Onion Details
First Seen: 03/12/2024
Last Indexed: 10/23/2024
Onion Content
cybercrime news
Iris Green, Writer
'Horabot' botnet malware targets users in Latin America
June 2, 2023

Latin American users who speak Spanish have been targeted by a newly discovered botnet malware known as Horabot since at least November of 2020.

According to Chetan Raghuprasad, a researcher at Cisco Talos, Horabot enables the threat actor to manipulate the Outlook mailbox of the victim, extract email addresses of contacts, and distribute phishing emails containing harmful HTML attachments to all addresses present in the victim's mailbox. The botnet program also delivers a Windows-based financial trojan and a spam tool to gather online banking credentials, along with compromising Gmail, Outlook, and Yahoo! webmail accounts to disseminate spam emails.

As per the cybersecurity firm's report, a significant number of infections have been detected in Mexico, with a few victims identified in Uruguay, Brazil, Venezuela, Argentina, Guatemala, and Panama. The perpetrator responsible for the campaign is suspected to be located in Brazil. The current campaign is primarily aimed at users in the accounting, construction, engineering, wholesale distribution, and investment sectors. However, it is believed that other industries in the region may also be impacted.

The attacks begin with phishing emails that bear tax-themed attachments, aimed at inducing the recipients to open an HTML attachment. This attachment, in turn, embeds a link that contains a RAR archive. Upon opening the contents of the file, a PowerShell downloader script is executed, which is responsible for retrieving a ZIP file containing the primary payloads from a remote server and initiating a system restart. The system restart serves as a launchpad for the banking trojan and the spam tool, enabling the threat actor to pilfer data, log keystrokes, capture screenshots, and disseminate additional phishing emails to the victim's contacts.

Raghuprasad stated that the campaign entails a multi-stage attack chain, which commences with a phishing email and culminates in payload delivery via the execution of a PowerShell downloader script and sideloading to legitimate executables.

The banking trojan is a 32-bit Windows DLL written in the Delphi programming language. It exhibits similarities with other Brazilian malware families such as Mekotio and Casbaneiro. Horabot, on the other hand, is an Outlook phishing botnet program scripted in PowerShell. It possesses the ability to dispatch phishing emails to all email addresses present in the victim's mailbox, thereby facilitating the spread of the infection. Furthermore, it is a calculated endeavor to reduce the likelihood of the threat actor's phishing infrastructure being uncovered.

The disclosure comes one week after SentinelOne attributed to an unknown Brazilian threat actor a protracted campaign aimed at over 30 Portuguese financial institutions, utilizing information-stealing malware since 2021. It also follows the identification of a new Android banking trojan, PixBankBot, which exploits the accessibility services of the operating system to execute fraudulent money transfers via the Brazilian PIX payments platform. PixBankBot is the most recent instance of malware that specifically targets Brazilian banks, exhibiting similar capabilities to BrasDex, PixPirate, and GoatRAT, which have been observed in recent months.

These developments are indicative of a broader group of financially motivated hacking endeavors originating from Brazil, underscoring the importance of user vigilance in order to avoid falling victim to such threats.