"New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics"

A new banking Trojan called "CHAVECLOAK" targets Brazilian users through phishing emails with PDF attachments. According to Cara Lin, a Fortinet FortiGuard Labs researcher, the attack involves the PDF downloading a ZIP file and then executing the final malware using DLL side-loading techniques. Contract-themed DocuSign lures are used to trick users into opening PDF files with a button to read and sign the documents. Clicking the button triggers the retrieval of an installer file from a shortened remote link. The installer includes an executable called "Lightshot.exe" that uses DLL side-loading to load "Lightshot.dll," the CHAVECLOAK malware. This article continues to discuss findings regarding the CHAVECLOAK banking Trojan campaign.
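For defenders, the side-loading step described above can be hunted in image-load telemetry. The following is an added example, not code from the article or from Fortinet: it assumes events carrying the Sysmon Event ID 7 fields `Image`, `ImageLoaded` and `Signed`, and the sample records, paths, marker list and function name are constructed for illustration.

```python
import ntpath

# (executable, DLL) name pairs to watch; this pair is the one named in the article.
WATCHED_PAIRS = {("lightshot.exe", "lightshot.dll")}
# Assumed heuristic: locations a standard user can normally write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

# Constructed sample records shaped like Sysmon Event ID 7 (ImageLoad) data.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\ana\AppData\Roaming\Contrato\Lightshot.exe",
     "ImageLoaded": r"C:\Users\ana\AppData\Roaming\Contrato\Lightshot.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files\ExampleVendor\Lightshot\Lightshot.exe",
     "ImageLoaded": r"C:\Program Files\ExampleVendor\Lightshot\Lightshot.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\ana\AppData\Roaming\Contrato\Lightshot.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true"},
]

def sideload_findings(events):
    """Return watched exe/DLL loads that look like side-loading."""
    findings = []
    for ev in events:
        # ntpath handles Windows paths on any OS; normcase lowercases them.
        exe = ntpath.normcase(ev["Image"])
        dll = ntpath.normcase(ev["ImageLoaded"])
        if (ntpath.basename(exe), ntpath.basename(dll)) not in WATCHED_PAIRS:
            continue
        # Side-loading relies on the DLL sitting next to the executable.
        if ntpath.dirname(exe) != ntpath.dirname(dll):
            continue
        reasons = []
        if any(marker in dll for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable directory")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned DLL")
        if reasons:
            findings.append({"dll": ev["ImageLoaded"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in sideload_findings(SAMPLE_EVENTS):
        print(finding["dll"], "->", ", ".join(finding["reasons"]))
```

A signed copy loaded from an installation directory that standard users cannot write to is left alone, so the rule separates a legitimate install from a copy dropped by an installer into a user profile.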

THN reports "New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics"

Submitted by grigby1

Submitted by Gregory Rigby on