Banking virus operated from Brazil has already affected seven countries in Latin America

A malicious campaign that appears to be operated from Brazil has reached seven countries in the Latin America, at least. It’s regarding the Horabot Trojan Horse which has been circulating since November 2020 and acts with the focus of stealing emails and also bank credentials.

The information comes from the security company Cisco Talos, which reported in its analysis two targets of the attacks of this action. One of them is banks and here the virus is able to steal account access credentials and other financial services, as well as two-step verification codes and even tokens.

The other target of this malicious campaign is the Outlook inbox. In this sense, it can be noted that Horabot’s focus is on the corporate sector, since both contacts and addresses of recent communications are stolen so that the virus can be distributed, using false messages to deceive other people.

With regard to operating systems, the focus of this virus is Windows and its attack involves using PowerShell to download it, in addition to loading the DLLs that activate it. Once installed, it tries to avoid detection by security platforms while searching for its targets.

The whole problem starts with an email sent that relates to tax issues, without any sophistication and using few words. Finally, Cisco Talos warns once morest using recognized infrastructures to receive information and make the virus available in services such as the Amazon cloud.

Although the actions are concentrated in Mexico, there are more countries being affected by the virus, namely Uruguay, Argentina, Panama, Venezuela and Guatemala. To avoid falling for this campaign, be wary of messages with file attachments and only open them if you are sure of their legitimacy. Also check out the cyberattack suffered by Discord, as well as a recently released report of Android apps infected with “ad virus”.