This new malware campaign can hijack your Gmail or Outlook email account
Gmail inboxes are used to send spam and phishing messages
Cybersecurity researchers from Cisco Talos have spotted a new hacking campaign they claim is targeting victims’ sensitive data, login credentials, and email inboxes.
Horabot is described as a botnet that has been active for almost two and a half years now (first spotted in November 2020). During that time, it’s mostly been tasked with distributing a banking trojan and spam malware.
Its operators seem to be located in Brazil, while its victims are Spanish-speaking users located mostly in Mexico, Uruguay, Venezuela, Brazil, Panama, Argentina, and Guatemala.
Horabot botnet
The victims are found in different industries, from investment firms to wholesale distribution, from construction to engineering, and accounting.
The attack starts with an email message carrying a malicious HTML attachment. Ultimately, the victim is urged to download a .RAR archive, which holds the banking trojan.
The malware is capable of doing plenty of things: stealing login credentials, logging keystrokes, and grabbing system information. By generating an invisible overlay, it is also capable of grabbing one-time security codes from multi-factor authentication (MFA) apps, essentially bypassing this crucial layer of security.
Also, the trojan can take over the victims’ email accounts, including those from Outlook, Gmail, and Yahoo. The threat actors would then use this access to send spam messages to all of the contacts saved in the inbox, making its distribution and infection chain somewhat random and untargeted. To some extent, the trojan also works as a remote desktop management tool, as it can create and delete directories and files from the victim’s endpoint, the researchers said.
Finally, the tool has several obfuscation features that prevent it from running in a sandbox environment, or next to a debugging tool, making discovery and subsequent analysis somewhat more difficult.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.