February 28, 2024 at 03:21AM
Mexican users have been targeted with tax-themed phishing lures since November 2023 to distribute a new Windows malware called TimbreStealer. Its authors use tactics such as geofencing and obfuscation to evade detection and maintain persistence. The malware harvests a wide range of data and targets several industries, with a focus on manufacturing and transportation. Cisco Talos also identified overlaps with a Mispadu spam campaign from September 2023. Separately, a new information stealer called Atomic, capable of gathering data from Apple macOS systems, has emerged.
Summary:
– Mexican users targeted with tax-themed phishing lures since November 2023 to distribute Windows malware TimbreStealer
– Phishing campaign uses geofencing to target Mexico and evade detection from other locations
– Malware employs evasive tactics such as obfuscation, custom loaders, system calls issued directly rather than through the documented Windows API (sidestepping user-mode hooks), and Heaven's Gate (running 64-bit code from a 32-bit process) for execution
– TimbreStealer harvests data including credentials, system metadata, and URLs, and checks for the presence of remote desktop software
– Overlaps were identified with a Mispadu spam campaign from September 2023; targeted industries include the manufacturing and transportation sectors
– Emergence of new information stealer Atomic capable of gathering data from Apple macOS systems
– New stealer families such as XSSLite have been observed, while established strains like Agent Tesla and Pony continue to be used for information theft