Threat actors are called TA558 Attributed to a new large-scale phishing campaign targeting multiple sectors in Latin America with the goal of deploying the Venom RAT.
These attacks primarily targeted the hospitality, tourism, trade, financial, manufacturing, industrial, and government sectors in Spain, Mexico, the United States, Colombia, Portugal, Brazil, the Dominican Republic, and Argentina.
TA558 has been active since at least 2018 and has been targeting entities in Latin America, distributing various malware such as Loda RAT, Vjw0rm, and Revenge RAT.
Perception Point researcher Idan Tarab said that the latest infection chain uses phishing emails as the initial access vector to deliver Venom RAT, which is a branch of Quasar RAT and has the ability to remotely collect sensitive data and expropriate systems.
The disclosure comes as threat actors are increasingly being observed using the DarkGate malware loader, following law enforcement’s takedown of QakBot last year for targeting financial institutions in Europe and the United States.
“Ransomware groups use DarkGate to establish an initial foothold and deploy various types of malware across corporate networks,” said EclecticIQ researcher Arda Büyükkaya.
“These include, but are not limited to, information-stealing programs, ransomware, and remote administration tools. The goal of these threat actors is to increase the number of infected devices and the amount of data stolen from victims.”
It has also seen malvertising campaigns designed to spread malware such as FakeUpdates (aka SocGholish), Nitrogen and Rhadamanthys.
Earlier this month, Israeli ad security firm GeoEdge revealed that a notorious malvertising group tracked as ScamClub “has shifted its focus to video malvertising attacks, resulting in VAST forced redirect traffic since February 11, 2024.” Surge.”
These attacks require the malicious use of Video Ad Serving Template (VAST) tags for video ads to redirect unsuspecting users to scam or scam pages, but only through certain client-side and server-side fingerprinting techniques. .
The majority of victims were located in the United States (60.5%), followed by Canada (7.2%), the United Kingdom (4.8%), Germany (2.1%), and Malaysia (1.7%).
