Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This new malware campaign can hijack your Gmail or Outlook email account

Concept art representing cybersecurity principles

Cybersecurity researchers from Cisco Talos have spotted a new hacking campaign they claim is targeting victims’ sensitive data, login credentials, and email inboxes.

Horabot is described as a botnet that has been active for almost two and a half years now (first spotted in November 2020). During that time, it’s mostly been tasked with distributing a banking trojan and spam malware

Its operators seem to be located in Brazil, while its victims are Spanish-speaking users located mostly in Mexico, Uruguay, Venezuela Brazil, Panama, Argentina, and Guatemala.

Horabot botnet

The victims are found in different industries, from investment firms to wholesale distribution, from construction to engineering, and accounting.

The attack starts with an email message carrying a malicious HTML attachment. Ultimately, the victim is urged to download a .RAR archive, which holds the banking trojan. 

The malware is capable of doing plenty of things: stealing login credentials, logging keystrokes, and grabbing system information. By generating an invisible overlay, it is also capable of grabbing one-time security codes from multi-factor authentication (MFA) apps, essentially bypassing this crucial layer of security. 

Also, the trojan can take over the victims’ email accounts, including those from Outlook, Gmail, and Yahoo. The threat actors would then use this access to send spam messages to all of the contacts saved in the inbox, making its distribution and infection chain somewhat random and untargeted. To some extent, the trojan also works as a remote desktop management tool, as it can create and delete directories and files from the victim’s endpoint, the researchers said. 

Finally, the tool has several obfuscation features that prevent it from running in a sandbox environment, or next to a debugging tool, making discovery and subsequent analysis somewhat more difficult. 

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.