The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of the infamous EMOTET malware. This threat is known as a banking trojan that collects financial information by injecting malicious code into a computer.
EMOTET has evolved in its delivery; however, this wave used its most prominent form: inserting malicious documents or URL links inside the body of an email, sometimes disguised as an invoice or PDF attachment.
According to SI-LAB, a total of 176 users from Chile were affected by a broad cyber threat that occurred between March 18th and 26th of 2019. Once again, the main goal of this EMOTET campaign was to exfiltrate financial credentials from users’ computers in order to access financial and banking services geolocated in Chile.
The first phase, identified as “__Denuncia_Activa_CL.PDF.bat”, is responsible for operating a crucial part of this threat. That file was delivered via