Chavecloak

Malware updated 3 months ago (2024-11-29T14:03:17.164Z)
Chavecloak is a high-severity banking Trojan recently discovered by FortiGuard Labs that targets Brazilian banking users. Uncovered in March 2024, the malware infiltrates Windows systems across Brazil, leveraging phishing emails with contract-themed DocuSign lures that carry malicious PDF attachments. When opened, these attachments fetch an installer file that triggers the loading of the Chavecloak malware, specifically through a malicious DLL named "Lightshot.dll".

The malware takes a deliberate approach to regional targeting: it employs Portuguese language settings and actively monitors victims' interactions with financial portals. Once inside a targeted machine, Chavecloak verifies that the system is based in Brazil before establishing a connection with its Command and Control (C2) server. It then initiates activities aimed at exfiltrating users' credentials and other sensitive information, tracking both traditional banking and cryptocurrency accounts. The telemetry of Chavecloak's C2 server has been visualized in Figure 2. This strategic approach underscores the evolving landscape of cyberthreats, especially those focusing on the financial sector.

Chavecloak's infection method is still under investigation, but it is suspected to spread through various channels including phishing emails, SMS phishing (smishing), and compromised websites. This new Trojan exemplifies the sophistication of contemporary banking Trojans, highlighting the necessity for continuous vigilance and proactive cybersecurity measures to protect against evolving threats within the financial landscape, particularly in South America. Cybersecurity researchers warn of the expanding reach of this banking Trojan, urging users to exercise caution when opening suspicious downloads or emails, or when visiting dubious websites.
Description last updated: 2024-05-05T05:58:02.026Z
Aliases
We are not currently tracking any aliases.

Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Trojan
Fortiguard
Source Document References
Information about the Chavecloak Malware was read from the documents corpus below.