430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VBE files on the rise in Brazil leading to Financial Fraud

Security experts at Kaspersky Lab recently observed a big wave of malicious VBE files targeting Brazilian users to distribute Financial Trojan. Recently security experts have seen old tricks rising from the dead (like for example word/excel macros attachment in e-mails) and malicious VBE files are being spread via email targeting Brazilian users. These VBE files […]

VBE files on the rise in Brazil leading to Financial Fraud

Security experts at Kaspersky Lab recently observed a big wave of malicious VBE files targeting Brazilian users to distribute Financial Trojan.

Recently security experts have seen old tricks rising from the dead (like for example word/excel macros attachment in e-mails) and malicious VBE files are being spread via email targeting Brazilian users.

These VBE files end up to be downloaded by users and when opened serve a banking Trojan malware on the victim’s machine.

Talking about the attack itself, all starts with an email with a .ZIP attachment or including a link to the malicious VBE file. These emails can be related with many subjects, recently attackers are using the Windows 10 release as the subject.

The malicious file attached or downloaded is very small, normally less than 1KB. Analyzing the file, we may find it encoded and looking like this:

malicious VBE file email 3

After decoding, it will be possible to see the real intentions of the person or group who wrote the malicious file, in the specific case we see a reference to a website:

malicious VBE file email 4

This malware belongs to the family of Banload and looking worldwide we see Brazil, Portugal and Spain as the most targeted countries:

malicious VBE file email 2

This is another case among many others, it is necessary to adopt mitigation techniques that can help security departments to control such kind of attacks.

The images used in this post were taken from a blog post published by the security expert Fabio SecureList post.

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as known in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as known in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – VBE file, macros)

[adrotate banner=”12″]