Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign Targeting Brazil With Astaroth Malware

Oct. 15, 2024, 10:15 a.m.

Description

Water Makara, a threat actor group, is targeting enterprises in Brazil with a spear phishing campaign using the Astaroth banking malware. The attackers employ obfuscated JavaScript to bypass security defenses, often impersonating official tax documents to trick users. The campaign primarily affects manufacturing companies, retail firms, and government agencies. The attack chain involves malicious ZIP files containing LNK files that execute JavaScript commands, establishing connections to a C&C server. The malware uses domain generation algorithms and various file extensions to spread. This campaign highlights the importance of user awareness, security training, and robust cybersecurity measures to mitigate such threats.

Date

Published: Oct. 15, 2024, 8:51 a.m.

Created: Oct. 15, 2024, 8:51 a.m.

Modified: Oct. 15, 2024, 10:15 a.m.

Attack Patterns

Guildma

Astaroth - S0373

Water Makara

Additional Informations

Retail

Government

Manufacturing

Brazil