Malware & Ransomware | HIGH

New VENON Malware Targets Brazilian Banking Users

SC Media
Tags: VENON, banking malware, Brazil, ZenoX, Rust

In short, new malware called VENON tricks Brazilian users in order to steal their banking information.

Quick Summary

A new malware called VENON is targeting Brazilian banking users. This Rust-based threat employs advanced techniques to steal sensitive information. Stay alert and protect your accounts from this evolving danger.

How It Works

VENON is a new banking malware written in Rust, a programming language known for its performance and safety. This malware represents a shift from the more common Delphi-based malware previously seen in Brazil. It mimics behaviors of known banking trojans like Grandoreiro and Mekotio, utilizing banking overlay logic to deceive users. Once installed, it monitors active windows and can replace legitimate banking application shortcuts with malicious ones, leading users to fake login pages.

The infection process is sophisticated. VENON employs DLL side-loading, a technique that allows it to load malicious code through legitimate applications. It uses social engineering tactics, often delivering its payload via ZIP archives through PowerShell scripts. This method tricks users into executing the malware, often without their knowledge. Once inside, it establishes a WebSocket connection to its command-and-control server, allowing the attackers to control the infected systems remotely.
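A defender can triage for the side-loading pattern described above by looking for validly signed executables that sit next to DLLs without a valid signature in user-writable folders. The script below is an added example, not taken from the original article; the folder list is an assumption and the result is a review list, not a verdict, since some legitimate per-user software also ships unsigned DLLs.

```powershell
# Added example: triage for DLL side-loading candidates in user-writable folders.
# Heuristic: a validly signed EXE in the same directory as a DLL that is not validly signed.
# The folder list is an assumption; extend it to match your environment.
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, "$env:USERPROFILE\Downloads") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Test-ValidSignature {
    param([string]$Path)
    try {
        (Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop).Status -eq 'Valid'
    } catch {
        $false   # unreadable or locked file: treat as not validly signed
    }
}

$findings = foreach ($root in $roots) {
    # Group DLLs by directory so each directory is examined once.
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.dll -ErrorAction SilentlyContinue |
        Group-Object DirectoryName |
        ForEach-Object {
            $group = $_
            $signedExes = @(Get-ChildItem -LiteralPath $group.Name -File -Filter *.exe -ErrorAction SilentlyContinue |
                Where-Object { Test-ValidSignature $_.FullName })
            if ($signedExes.Count -eq 0) { return }   # no signed host here, skip directory

            foreach ($dll in $group.Group) {
                if (-not (Test-ValidSignature $dll.FullName)) {
                    $hash = Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Directory   = $group.Name
                        SignedHosts = ($signedExes.Name -join ', ')
                        Dll         = $dll.Name
                        DllSha256   = $hash.Hash
                        DllWritten  = $dll.LastWriteTime
                    }
                }
            }
        }
}

# Most recently written DLLs first: new drops are the most interesting.
$findings | Sort-Object DllWritten -Descending | Format-Table -AutoSize
```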

Who's Being Targeted

VENON specifically targets 33 financial institutions and digital asset platforms in Brazil. This includes major banks like Itaú, where it replaces legitimate application shortcuts with malicious versions. The malware's design suggests that it is tailored to exploit the Brazilian banking sector, which has seen a rise in cyber threats. The use of advanced evasion techniques, such as bypassing anti-sandbox and AMSI protections, makes it particularly dangerous, as it can evade detection by security software.

Signs of Infection

Users may notice several signs of infection. If you find unfamiliar applications or shortcuts on your desktop, it could indicate that VENON has replaced them. Additionally, if your banking applications behave strangely or if you are redirected to unexpected login pages, these are strong indicators of a compromise. The malware's ability to monitor active windows means it can capture sensitive information without alerting the user, making early detection challenging.
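Because the malware replaces application shortcuts, checking where desktop and Start Menu shortcuts actually point is a concrete way to look for this sign. The script below is an added example, not part of the original article; the review criteria (script-host targets, targets in user-writable folders, URLs in arguments) are assumptions chosen for triage, not indicators published for VENON.

```powershell
# Added example: list shortcuts with their real targets and flag ones worth a manual look.
$shell = New-Object -ComObject WScript.Shell
$dirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumed review criteria, not indicators taken from the article.
$scriptHosts   = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe', 'rundll32.exe'
$writableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, "$env:USERPROFILE\Downloads") |
    Where-Object { $_ }

$report = Get-ChildItem -LiteralPath $dirs -Recurse -File -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk     = $shell.CreateShortcut($_.FullName)
        $target  = $lnk.TargetPath
        $reasons = @()

        if ($target) {
            if ($scriptHosts -contains (Split-Path $target -Leaf)) {
                $reasons += 'script host target'
            }
            foreach ($root in $writableRoots) {
                if ($target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += 'target in user-writable path'
                    break
                }
            }
        }
        if ($lnk.Arguments -match '(?i)https?://') { $reasons += 'URL in arguments' }

        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $target
            Arguments = $lnk.Arguments
            Modified  = $_.LastWriteTime
            Review    = ($reasons -join '; ')
        }
    }

# Flagged shortcuts first, then the most recently modified.
$report | Sort-Object @{ Expression = { [bool]$_.Review }; Descending = $true },
                      @{ Expression = 'Modified'; Descending = $true } |
    Format-List
```

A banking shortcut whose `Modified` time is recent and whose target is not the bank's or browser's installed binary deserves a closer look; legitimate per-user installs will also appear under the user-writable flag.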

How to Protect Yourself

To safeguard against VENON and similar threats, users should take proactive measures. Always ensure your operating system and applications are up to date with the latest security patches. Be cautious when opening email attachments or downloading files from unknown sources, especially ZIP files. Consider using comprehensive security software that includes anti-malware and anti-phishing protections. Regularly monitor your financial accounts for unauthorized transactions and report any suspicious activity immediately.

By staying informed and vigilant, you can reduce the risk of falling victim to this sophisticated malware.


🔒 Pro insight: VENON's use of Rust and advanced evasion techniques signals a new trend in malware development, making it crucial for organizations to enhance their detection capabilities.

Original article from SC Media
