‘Chaes’ Infostealer Code Contains Hidden Threat Hunter Love Notes

January 18, 2024 at 10:29AM

The latest version of the Chaes infostealer code contains secret messages praising threat hunters for analyzing the developers' work. Intricate ASCII art pieces are also hidden within the code. The malware developers express gratitude to security researchers, including a special shout-out message to Morphisec researcher Arnold Osipov. The code mentions that the Chaes team was discovered by Cybereason three years ago. The current Chaes campaign uses a Portuguese-language email to deliver malicious links and includes improvements in the “Chronod” module for intercepting victim browser activity. This marks the first time such gratitude has been expressed directly within the code.

– The developers of the Chaes infostealer malware have embedded secret messages in the latest code to thank and praise threat hunters and researchers, including a special shout-out to Arnold Osipov from Morphisec.
– The code also contains a reference to the Chaes team being discovered by Cybereason three years ago and a mention of a current campaign using Portuguese-language emails purportedly from an attorney about an urgent legal matter.
– The latest campaign involves phishing tactics using a spoofed website for TotalAV and a malicious link that delivers an MSI installer, with improvements noted in the “Chronod” module, which intercepts victim browser activity.
– This marks the first time the threat actor has directly expressed gratitude within the code itself.