Brazilian bank app users targeted by CHAVECLOAK phishing attack

Mar 12 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s radioactive in the fight against cybercrime like that cat in Japan

Today’s hottest cybersecurity news stories:

  • Brazilian bank app users targeted by CHAVECLOAK phishing attack

  • Oh the humanity! First the beer and then the brew. Belgian beer, coffee targeted

  • Beware! Fake Leather wallet app on Apple App Store is a crypto drainer

What do you call a yobo’s dressing gown? His CHAVECLOAK


New Banking Trojan CHAVECLOAK Targets Brazilian Users

Brazilian users are under attack from a sophisticated banking trojan named CHAVECLOAK, spread through phishing emails containing PDF attachments, according to Fortinet FortiGuard Labs.

The attack begins with PDF attachments posing as DocuSign contracts, prompting users to click on a button to “read and sign” documents. Instead, this leads to the download of a ZIP file containing an installer named “Lightshot.exe.”

The installer employs DLL side-loading techniques to load the CHAVECLOAK malware, which steals sensitive information. It monitors user activity on banking and cryptocurrency platforms, logging keystrokes, blocking screens, and displaying deceptive pop-ups.
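For defenders, the side-loading step described above leaves a recognisable trace: a process started from a folder the user can write to loads an unsigned DLL sitting right next to it. The following is an added example, not code from Fortinet or from this newsletter; it assumes image-load telemetry shaped like Sysmon Event ID 7 (`Image`, `ImageLoaded`, `Signed`), and every path, user name and DLL name in the sample is a constructed placeholder.

```python
import json
import ntpath  # Windows path rules, usable on any OS

# Folders a standard user can write to, where an extracted ZIP typically lands.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed events shaped like Sysmon Event ID 7 (image load), reduced to three fields.
# User, folder and DLL names are placeholders, not indicators from the report.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Users\\ana\\Downloads\\contrato\\Lightshot.exe", "ImageLoaded": "C:\\Users\\ana\\Downloads\\contrato\\placeholder.dll", "Signed": "false"}
{"Image": "C:\\Users\\ana\\Downloads\\contrato\\Lightshot.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"}
{"Image": "C:\\Program Files\\ExampleApp\\app.exe", "ImageLoaded": "C:\\Program Files\\ExampleApp\\helper.dll", "Signed": "false"}
{"Image": "C:\\Users\\ana\\AppData\\Local\\ExampleApp\\app.exe", "ImageLoaded": "C:\\Users\\ana\\AppData\\Local\\ExampleApp\\vendor.dll", "Signed": "true"}
"""

def in_user_writable(directory):
    """True when the directory sits under one of the user-writable markers."""
    probe = ntpath.normcase(directory) + "\\"
    return any(marker in probe for marker in USER_WRITABLE)

def find_sideload_candidates(raw_events):
    """Return (process, dll) pairs where an unsigned DLL is loaded from the
    process's own folder and that folder is user-writable."""
    hits = []
    for line in raw_events.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        exe_dir = ntpath.dirname(event["Image"])
        dll_dir = ntpath.dirname(event["ImageLoaded"])
        same_folder = ntpath.normcase(exe_dir) == ntpath.normcase(dll_dir)
        unsigned = event.get("Signed", "false").lower() != "true"
        if same_folder and unsigned and in_user_writable(exe_dir):
            hits.append((event["Image"], event["ImageLoaded"]))
    return hits

if __name__ == "__main__":
    for process, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"review: {ntpath.basename(process)} loaded unsigned "
              f"{ntpath.basename(dll)} from {ntpath.dirname(dll)}")
```

The check keys on location and signature rather than on the file name, so it also catches the same trick when the installer is called something other than Lightshot.exe.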

Fortinet also discovered a Delphi variant of CHAVECLOAK, emphasizing the prevalence of Delphi-based malware in Latin America.

This threat emerges amidst an ongoing mobile banking fraud campaign across the U.K., Spain, and Italy, utilizing Android malware called Copybara via smishing and vishing tactics. Threat actors manage these attacks through a centralized web panel named “Mr. Robot.”

The sophistication of on-device fraud is on the rise, as seen in a TeaBot campaign infiltrating the Google Play Store. This emphasizes the critical need for heightened vigilance and security measures to combat evolving cyber threats targeting financial sectors and users globally.

Stella attack lads! But it’ll Costa

Breendonk Village Hit by Second Cyberattack

Following a recent cyberattack on Duvel Moortgat Brewery, the Belgian village of Breendonk faces another incident affecting local coffee roasters Koffie Beyers.

Police have launched investigations into both incidents, with specialists from a computer crime unit on the scene. The proximity of the attacks, both in time and location, is striking, occurring within the same municipality less than a mile apart.

Koffie Beyers, Belgium’s largest coffee roaster with operations across five countries, including Italy, is yet to clarify the extent of the impact. There’s no confirmation whether other facilities have been affected.

Duvel Moortgat Brewery, an international beer exporter, has halted production at its Belgian and U.S. sites due to the attack. However, assurances have been made about sufficient stock to meet consumer demand.

While investigations are underway separately, authorities will compare the incidents for potential similarities, emphasizing the seriousness of the situation and the need for heightened cybersecurity measures.

Cryptonites get a leathering!

Warning: Fake Leather Wallet App on Apple App Store

The developers of the Leather cryptocurrency wallet issue a caution regarding a counterfeit app on the Apple App Store, reportedly draining users’ digital assets.

Wallet drainers, as they’re called, deceive users into revealing secret passphrases or execute malicious transactions, enabling attackers to pilfer all digital assets, including NFTs and cryptocurrency.

Despite reports to Apple, the fake Leather app remains accessible on the App Store, posing a significant threat to unsuspecting users who may unknowingly input their passphrase, thereby risking asset loss.

Leather advises affected users to swiftly transfer their cryptocurrency to a new wallet as a precautionary measure against potential asset drain. However, the malicious app persists despite warnings.

Notably, the fake app maintains a high rating and features seemingly fabricated user reviews, adding to its deceptive allure. Such incidents underscore the importance of vigilance when downloading apps and verifying their authenticity through official sources.

For enhanced security, it’s advisable to access apps through links provided on official project websites, ensuring protection against potential threats.

Stay informed and stay safe!

So long and thanks for reading all the phish!
