Morphisec recently identified a more advanced version of the Chaes malware. Dubbed Chae$ 4, this new variant is specifically designed to target clients of financial and logistics companies located in Latin America.
Diving into details
- It primarily uses Python and employs decryption and dynamic in-memory execution techniques, effectively bypassing traditional defense systems.
- Chae$ 4 has expanded its scope to target a wider range of services, including prominent platforms and banks such as Mercado Libre, Mercado Pago, WhatsApp Web, Itau Bank, Caixa Bank, and MetaMask.
- The variant employs WebSockets as the primary communication method between its modules and the C2 server.
- In addition, the threat actor seems specifically interested in cryptocurrency, as shown by the use of a clipper module to steal ETH and BTC and a file upload module that facilitates the theft of MetaMask files and credentials.
More malware threats
- MMRat, a new Android malware, has been discovered targeting mobile users in Southeast Asia. It uses phishing websites and disguises itself as official apps to perform bank fraud and steal personal data.
- Since August, a campaign has been specifically targeting developers who create scripts for Roblox. The campaign leveraged the Luna Grabber info-stealer, which can illicitly gather information from web browsers, Discord applications, and system settings.
The bottom line
Chae$ 4 poses a significant threat to financial and logistics customers, so mounting the appropriate cyber defenses is paramount. To bolster defenses against such threats, it’s essential to regularly update and patch software, employ robust endpoint security solutions, and educate users about the dangers of downloading apps and software from unverified sources.