Cybercrime Targets Peru’s Financial Institutions
A wave of cyberattacks has been reported in Peru, targeting banks and financial institutions across the country. The attacks are part of a larger Distributed Denial of Service (DDoS) campaign that has also affected other countries.
Alerts Issued by Government and Financial Institutions
The Peruvian government and financial institutions have issued alerts warning citizens and customers about the potential risks associated with these attacks. They urge people to be cautious when clicking on links or opening emails from unknown senders, as they may contain malware or phishing attempts.
Phishing Campaign
Researchers have identified a phishing campaign that appears to be part of the larger DDoS attack. The campaign uses phishing emails with clickable links that redirect users to malicious websites. The emails are designed to look like legitimate investment opportunities, but in reality, they aim to steal sensitive information from victims.
Key Features of the Phishing Campaign
- Targeted Countries: Peru and other countries, including Thailand, Malaysia, Indonesia and the USA, as well as other countries in Europe and Asia.
- Social Engineering Tactics: The attackers use a combination of social engineering tactics and malware to trick victims into revealing their financial information.
Malware Detection
Researchers have detected a malicious file associated with the phishing campaign, which is identified as PUA_INSTALLCORE.GAX. The file connects to a command-and-control (C&C) server located at http://dev.sad-teh.com/. The C&C server is used by attackers to control and manage their malware.
Recommendations
To mitigate the risks associated with these attacks, researchers recommend that users:
- Be cautious when clicking on links or opening emails from unknown senders
- Avoid downloading files or software from untrusted sources
- Use strong antivirus software and keep it up-to-date
- Use a reputable security solution to protect against malware and phishing attempts
Indicators of Compromise (IOCs)
- URLs: https://flare.draftsoftwaresets.win/?afgasd=MdPY0PcprjvQCaRkZQ2kTycIT47NXxmNcEA1m_B-Dp3b1NX95dGeGr4w06ppke1s4rVXeo_aSduf2KpQZeUnyA..&cid=kUS25GII0009OG1002S11B94H00MKLWF0TPC1VM568YA0G9L00MKL00&sid={channel_id}-{schannel_id}&v_id=4NHGmobEQSeGt-lV70gmxiwEwJgSt44g5Uhk1BD0t6I
- Hashes (SHA-256): f6b379a624f67169d4b20d553a5a1aa02170a022f4ae909c0d5c3b27af27c8f4
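The C&C host named in the Malware Detection section and the URL and hash listed above are most useful when matched against an organisation's own telemetry. The script below is an added example, not code from the original article or from the researchers it cites: it takes the page's two hostnames and its SHA-256 hash as indicators and scans constructed proxy-log and endpoint file-hash lines for them. The log formats (space-separated "timestamp client method url status" and "timestamp endpoint path sha256") are assumptions chosen for illustration; it normalises case and ports, treats subdomains of an indicator as hits, and does not match look-alike hosts that merely contain the indicator as a substring.

```python
"""Match the article's IoCs (C&C host, phishing URL host, SHA-256) against
constructed proxy and endpoint log lines. Added example; not from the article.
Log formats are assumed for illustration."""
import re
from typing import Optional
from urllib.parse import urlparse

# Indicators taken from the article's Malware Detection and IoC sections.
IOC_HOSTS = {
    "dev.sad-teh.com",               # C&C server host
    "flare.draftsoftwaresets.win",   # phishing landing-page host
}
IOC_SHA256 = {
    "f6b379a624f67169d4b20d553a5a1aa02170a022f4ae909c0d5c3b27af27c8f4",
}

# Constructed sample proxy log (assumed format: ts client method url status).
# Query strings are shortened placeholders, not the real campaign parameters.
PROXY_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://www.example.org/index.html 200
2024-01-01T10:00:02Z 10.0.0.7 GET https://flare.draftsoftwaresets.win/?afgasd=abc&cid=xyz 200
2024-01-01T10:00:03Z 10.0.0.7 POST http://DEV.sad-teh.com/gate.php 200
2024-01-01T10:00:04Z 10.0.0.9 GET http://dev.sad-teh.com.evil-lookalike.example/ 200
2024-01-01T10:00:05Z 10.0.0.7 GET http://dev.sad-teh.com:8080/update 404
"""

# Constructed endpoint file-hash events (assumed format: ts endpoint path sha256).
FILE_EVENTS = """\
2024-01-01T10:01:00Z ws-07 C:\\Users\\ana\\Downloads\\invest_setup.exe F6B379A624F67169D4B20D553A5A1AA02170A022F4AE909C0D5C3B27AF27C8F4
2024-01-01T10:01:30Z ws-09 C:\\Users\\luis\\Downloads\\report.pdf 0000000000000000000000000000000000000000000000000000000000000000
"""

HEX64 = re.compile(r"[0-9a-f]{64}")


def host_of(url: str) -> Optional[str]:
    """Hostname of a URL, lower-cased and with any port removed."""
    return urlparse(url).hostname


def host_matches(host: str, ioc_hosts=IOC_HOSTS) -> bool:
    """True if host equals an indicator or is a subdomain of one.
    Comparison is on label boundaries, so 'dev.sad-teh.com.evil-lookalike.example'
    does not match 'dev.sad-teh.com'."""
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in ioc_hosts)


def scan_proxy_log(text: str, ioc_hosts=IOC_HOSTS) -> list:
    """Return one hit per proxy line whose URL host matches an indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than guess
        ts, client, method, url, status = parts[:5]
        host = host_of(url)
        if host and host_matches(host, ioc_hosts):
            hits.append({"ts": ts, "client": client, "method": method,
                         "host": host, "url": url, "status": status})
    return hits


def scan_file_events(text: str, ioc_hashes=IOC_SHA256) -> list:
    """Return one hit per endpoint event whose SHA-256 is a known indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, endpoint, sha = parts[0], parts[1], parts[-1].lower()
        path = " ".join(parts[2:-1])  # paths may contain spaces
        if HEX64.fullmatch(sha) and sha in ioc_hashes:
            hits.append({"ts": ts, "endpoint": endpoint, "path": path, "sha256": sha})
    return hits


def summarize(proxy_text: str = PROXY_LOG, file_text: str = FILE_EVENTS) -> dict:
    """Aggregate hits so responders see which clients and endpoints to triage."""
    proxy_hits = scan_proxy_log(proxy_text)
    file_hits = scan_file_events(file_text)
    return {
        "proxy_hits": len(proxy_hits),
        "file_hits": len(file_hits),
        "clients": sorted({h["client"] for h in proxy_hits}),
        "endpoints": sorted({h["endpoint"] for h in file_hits}),
    }


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG) + scan_file_events(FILE_EVENTS):
        print(hit)
    print(summarize())
```

Three of the five constructed proxy lines are hits (the mixed-case host, the host with an explicit port, and the phishing landing page); the look-alike domain is correctly ignored, and the file hash matches despite being logged in upper case. Indicators for a real deployment would be loaded from a feed rather than hard-coded, but the normalisation steps are the part that most often goes wrong in ad-hoc IoC sweeps.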
Additional Security Measures
Organizations can also consider implementing Trend Micro XGen security, which provides a cross-generational blend of threat defense techniques against a full range of threats.