
Chaes Malware

Posted: November 19, 2020

An unknown cybercrime organization is targeting Latin American users with a new piece of malware, which goes by the name Chaes. The newly identified threat aims to collect payment information and other data from its victims. Surprisingly, it does not target customers of Latin American banks and financial institutions. Instead, the Chaes Malware appears to specialize in going after users of MercadoLivre, a marketplace popular in the region. Apart from serving as an online marketplace, the MercadoLivre service is also used as an auction platform. The malware is delivered to MercadoLivre users via spear-phishing emails claiming to contain information about a recent purchase. To make the spam campaign more believable, the criminals included a fake anti-virus statement, which assures the user that the file attachment has been scanned and is safe.

Latin American Users Targeted by Spear-Phishing Emails

The spear-phishing emails contain a DOCX file that carries a hidden macro script designed to deploy and initialize the Chaes Malware. Once active, the Chaes Malware begins to monitor Web browsing activity, and it becomes more active when the user is browsing the websites of MercadoLivre and MercadoPago. Furthermore, cybersecurity experts identified a cryptocurrency mining module on many of the systems infected by the Chaes Malware. It is possible that the perpetrators of the attack are deploying more than one piece of malware.

So far, it seems that the Chaes Malware targets the MercadoLivre platform exclusively, but experts note that the malware appears to be receiving regular updates. This may mean that the criminals are using the MercadoLivre campaign as a testing ground, and they will soon broaden the scope of their operation.

The Chaes Malware is designed to collect system information, data from the Google Chrome browser, and login credentials for email and FTP services. The implant can grab screenshots when the user is browsing MercadoLivre pages, and the criminals can also initialize a remote Chrome session to browse MercadoLivre's website.

While the Chaes Malware is not as advanced as many of the banking Trojans operating in Latin America, it is certainly not a threat to be underestimated. It boasts excellent information-collecting capabilities, and it would turn into a much more serious issue if its creators manage to configure it to work with other online services popular in the region. Users worldwide can stay safe from the Chaes Malware by protecting their Windows computers with a reputable anti-virus product.
