Information security company ESET collected examples of malicious emails containing malware that were distributed in Latin America during 2023. These cases allow us to study the tactics used by cybercriminals to defraud people, the types of attachments used, and the distribution of malware. Reviewing them carefully helps to avoid falling victim to the same tactics in the coming months.
Malicious emails often impersonate trusted entities such as banks, government agencies or large companies, and tend to convey a sense of urgency, such as the need to verify details for an imaginary delivery or take advantage of a limited-time offer. Once the user falls into the trap and downloads the attachment, usually in Excel or Word format, a malware infection occurs.
ESET analyzes real cases where attackers try to exploit known vulnerabilities in Microsoft Office to download malicious files to victims’ devices. Among the types of malware distributed are remote access Trojans, such as Agent Tesla, AsyncRAT or njRAT. Additionally, the use of email spoofing has been observed, with criminals spoofing legitimate sender addresses to deceive users. Email spoofing creates the impression that messages are coming from trusted sources, leading users to click malicious links or download infected files. In the cases ESET identified, cybercriminals impersonate real people who work or have worked for companies, which increases the credibility of the deception and makes it more difficult to detect initially.
Vulnerability CVE-2017-1182: In this case, the email carries a purchase order in Excel .xls format. Analysis of the attached file showed that it is infected with malware, which takes advantage of the CVE-2017-1182 vulnerability to be downloaded onto the victim’s computer. This vulnerability, along with CVE-2012-0143, was the most exploited in 2023.
Vulnerability CVE-2017-0199: This other example shows the same mode of operation and the same deception: an attachment simulating participation in the sales process, detailing orders. The email impersonates a Mexican company and one of its real employees. ESET’s analysis of the attached Excel file revealed that it is malware that exploits the CVE-2017-0199 vulnerability, through which it downloads a different type of malware onto the victim’s computer.
ESET has also identified other examples of malicious attachments containing an exploit for the CVE-2017-0199 vulnerability. The campaign then downloads a different type of malware onto the victim’s computer. The person mentioned as the sender of the email worked for DHL.
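A receiving-side triage check for the two traits described above, a spoofed sender and an Office attachment, as an added example that is not part of ESET's report. The header checks, the extension list and every address and file name in the sample are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Office formats named on the page (Excel, Word); the extension list is an assumption.
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm", ".rtf")

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return spoofing/attachment findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Visible sender and envelope sender on different domains: possible spoofing.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"from/return-path mismatch: {from_dom} vs {env_dom}")
    # Verdicts stamped by the receiving mail server (RFC 8601 header).
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    findings += [f"{m} fail" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            findings.append(f"office attachment: {name}")
    return findings

def build_sample(from_addr, return_path, auth_results, filename):
    """Constructed test message; all addresses and names are made up."""
    m = EmailMessage()
    m["From"], m["Return-Path"] = from_addr, return_path
    m["Authentication-Results"] = auth_results
    m["Subject"] = "Orden de compra"
    m.set_content("Adjunto la orden de compra.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Compras <compras@empresa.example>", "<bounce@mailer.example>",
                       "mx.receptor.example; spf=fail; dkim=none; dmarc=fail",
                       "orden_de_compra.xls")
    for finding in triage(raw):
        print(finding)
```

A message that raises several findings at once is a candidate for quarantine and manual review; any single finding on its own also occurs in legitimate mail.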
“These campaigns and attempts at deception are widespread in the Latin American region. The evolution of threats and the way hoaxes can be modified to make them more believable means you should always be on guard and wary of unsolicited emails and other forms of communication.” – comments Camilo Gutierrez Amaya, Head of Research Laboratory at ESET Latin America.