Windows systems across Latin America have been targeted with malicious payloads delivered through a sophisticated phishing attack campaign, The Hacker News reports.
Intrusions commenced with the distribution of phishing emails from an address using the "temporary[.]link" domain. The emails include a ZIP file attachment containing an HTML file, which redirects to a CAPTCHA verification page that triggers the download of a malicious RAR file if accessed from a Mexico-based IP address, a report from Trustwave SpiderLabs revealed.
Aside from collecting system metadata, the malicious RAR file also monitors antivirus software presence and targeted devices' locations, and fetches a Dropbox-hosted ZIP file with suspicious files, according to researchers, who discovered parallels between the campaign and previous Horabot malware attacks that have also targeted Latin America.
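A mail-triage check for the delivery stage described above, as an added example that is not from Trustwave's report or the original article: it flags a message whose sender uses the temporary[.]link domain and whose ZIP attachment contains an HTML file. The function names, the subdomain match and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SENDER_DOMAIN = "temporary.link"  # reported sender domain, defanged in the article

def zip_html_members(data):
    """Return .html/.htm member names in a ZIP blob, or [] if it is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith((".html", ".htm"))]
    except zipfile.BadZipFile:
        return []

def triage(raw):
    """Check a raw RFC 5322 message against the reported sender + ZIP-with-HTML pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Assumption: subdomains of the reported domain are treated as a match too.
    sender_hit = domain == SENDER_DOMAIN or domain.endswith("." + SENDER_DOMAIN)
    html_in_zip = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(".zip") or ctype in ("application/zip", "application/x-zip-compressed"):
            html_in_zip += zip_html_members(part.get_payload(decode=True) or b"")
    return {"sender_hit": sender_hit, "html_in_zip": html_in_zip,
            "flag": sender_hit and bool(html_in_zip)}

def build_sample(sender, member):
    """Build a constructed test message (not real campaign data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "<html><body>placeholder</body></html>")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Invoice"
    m.set_content("See attachment.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("billing@host1.temporary.link", "invoice.html")))
```

The sender domain alone is a weak signal that an operator can change, so the ZIP-contains-HTML condition is reported separately in the result for use as its own rule.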
Such findings follow a Malwarebytes report regarding a malvertising attack campaign using fraudulent NordVPN ads to facilitate the deployment of the SectopRAT malware, also known as ArechClient.