The Chaes malware, a harmful program designed to exploit and damage computer systems, first emerged in November 2020. It primarily targeted e-commerce customers in Latin America, with a particular focus on Brazil. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The threat actors behind this operation, known as Lucifer, had successfully breached more than 800 WordPress websites by early 2022 to deliver Chaes to users of various financial platforms.
Morphisec, a leading cybersecurity firm, recently discovered a new and more advanced variant of the Chaes malware, dubbed Chae$4. This version is targeting customers of financial and logistics companies in Latin America. Notable improvements in the latest Chaes framework include advancements in the "Chronod" module, which intercepts victim browser activity. The current campaign uses a Portuguese-language email, seemingly from an attorney about an urgent legal matter, to trick victims into downloading the malware.
Interestingly, the developers of the Chaes malware have been hiding intricate ASCII art pieces and messages within the code, according to Arnold Osipov, a malware researcher at Morphisec. These hidden elements praise threat hunters' efforts and thank them for their interest, indicating that the developers are aware of the attention their creation has attracted. One message even acknowledges that the Chaes team was discovered by Cybereason three years ago, demonstrating a level of engagement with the cybersecurity community.
Description last updated: 2024-05-05T01:26:59.857Z