The Telmex-Scitum threat intelligence team discovered a new Trojan malware campaign called “BlackParty” and shared the information with Fortinet’s FortiGuard Labs for joint action against the threat. The main goal of BlackParty is to add infected devices to a botnet and then perform malicious activities such as stealing information, stealing cryptocurrencies, and taking full control of the infected device.
The malware is operating in different countries in Latin America, reaching victims through phishing emails or messages that lead to fake local pages. Data collected from infected devices includes:
- Unique victim identifier
- Operating system
- Antivirus installed on the device
- Operating system architecture
- Validation of user permissions
According to the Fortinet sensors used to monitor the scope of the campaign, Brazil is currently the main target of BlackParty, where the malware has been detected more than 500 times since its discovery.
BlackParty was discovered in May after Scitum detected phishing emails leading to a bogus website attempting to impersonate the Mexican Tax Administration Service (SAT), with an interface identical to the legitimate website. The site would then display a pop-up asking the victim to enter a captcha and then download a user manual on how to use the site. The archive named “Sat.zip” contained the malware responsible for downloading, unpacking and executing the file that establishes a connection with the attacker’s command and control server.
All relevant URLs were classified as “malicious sites” by Fortinet’s web filtering service, powered by threat intelligence from FortiGuard Labs, and indicators of compromise (IoCs) were added to the company’s solutions, honoring the name given by Scitum. Information about the new malware was added to the FortiGuard Labs Public Threat Encyclopedia.
What to do to protect yourself?
The most effective protection is always the awareness of the end user, who should know how to identify suspicious emails and messages, as well as understand how a phishing campaign works. The Fortinet NSE 1 Portuguese course includes a module on Internet Threats that addresses exactly this topic.
Additionally, advanced cybersecurity solutions help organizations stay secure. For example:
1. Web filtering service that classifies “malicious websites”
2. Antivirus to block malware files
3. Systems updated with the latest threat database
4. Quarantine and delete infected files
5. Replacing infected files with clean backups
The recent collaboration agreement with Telmex-Scitum, a Mexican cybersecurity company with a presence in Latin America, the United States and some European countries, to share strategic information on cybersecurity threats helps strengthen detections.
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.