Striking a Blow against El Machete

Alfred Chung

There’s a renewed weapon of malware destruction in the fields of war, and it goes by the name “Machete.” A targeted attack campaign that kicked off in 2010 and now boasts an improved infrastructure, Machete has mostly hit victims in Ecuador and Venezuela, with a smattering of victims in other countries from the U.S. to Malaysia. Some of those affected are reportedly military and intelligence organizations, embassies, and government agencies.

Machete is cyber-espionage malware that can log keystrokes, capture audio from a computer’s microphone, grab geolocation data, and copy files to a remote server or even to a special USB device, among other things.

Machete Employs a Spear

Like many other “advanced threats,” it makes the first cut with a simple spear-phishing email or watering-hole attack that can easily fool an end user with poor security awareness—unfortunately, there are still too many of those—even in some organizations that should know much, much better.

Machete’s malicious files carry .rar extensions but are actually Nullsoft self-extracting archives. File signature analysis using EnCase will easily spot files whose extension does not match their content. Endpoint visibility tools like EnCase Analytics and EnCase Cybersecurity give your security team the ability to hunt down the malicious files and websites related to Machete that may already have infected your network. Among others, these files include:

  • Hermosa XXXpps.rar
  • Suntzu.rar
  • El arte de la guerra.rar
  • Hot Brazilian XXX.rar
  • Full list here
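The signature-versus-extension check described above, as an added example in Python (not EnCase or Guidance Software code): it compares a file's leading bytes with what its extension claims, and, since the Machete droppers are Nullsoft installers, also looks for the NSIS first-header marker so a PE stub posing as a .rar stands out. The sample file contents are constructed, not real malware.

```python
"""Extension-vs-signature check for files posing as RAR archives.

Added example (not Guidance Software's / EnCase's code): flags files whose
extension says ".rar" but whose leading bytes are a PE executable, and
additionally looks for the NSIS first-header marker so self-extracting
Nullsoft installers stand out. Sample inputs below are constructed.
"""
from pathlib import Path

# Documented magic numbers: RAR 4.x / 5.x archive headers and the PE "MZ" stub.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
PE_MAGIC = b"MZ"
# NSIS installers embed this marker (0xDEADBEEF + "NullsoftInst") at the start
# of their first header; searching for the ASCII part is enough to flag them.
NSIS_MARKER = b"NullsoftInst"

# Extensions we have expectations for; anything else is reported but not judged.
EXPECTED_KIND = {".rar": "rar", ".exe": "pe", ".dll": "pe"}


def identify(data: bytes) -> str:
    """Classify content by leading bytes: 'rar', 'pe' or 'unknown'."""
    if any(data.startswith(m) for m in RAR_MAGICS):
        return "rar"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def check_bytes(name: str, data: bytes) -> dict:
    """Compare a file name's extension with what its content actually is."""
    ext = Path(name).suffix.lower()
    kind = identify(data)
    expected = EXPECTED_KIND.get(ext)
    return {
        "name": name,
        "extension": ext,
        "detected": kind,
        "nsis": kind == "pe" and NSIS_MARKER in data,
        # Only a mismatch when we know what the extension should carry.
        "mismatch": expected is not None and kind != expected,
    }


def check_file(path) -> dict:
    """Disk wrapper: read enough of the file to classify it."""
    with open(path, "rb") as fh:
        data = fh.read(1 << 20)  # 1 MiB is plenty to reach the NSIS header
    return check_bytes(Path(path).name, data)


def scan_tree(root) -> list:
    """Return findings for every file under root that misrepresents itself."""
    return [r for r in (check_file(p) for p in Path(root).rglob("*") if p.is_file())
            if r["mismatch"]]


# Constructed samples (not real malware): a PE stub carrying the NSIS marker,
# a genuine RAR 4 header, and an unrelated text file.
SAMPLES = {
    "Suntzu.rar": PE_MAGIC + b"\x90\x00" * 30 + NSIS_MARKER + b"\x00" * 16,
    "reports.rar": RAR_MAGICS[0] + b"\x00" * 64,
    "notes.txt": b"plain text, no expectation for .txt",
}


def demo() -> list:
    """Run the check over the constructed samples and return flagged entries."""
    return [r for r in (check_bytes(n, d) for n, d in SAMPLES.items()) if r["mismatch"]]


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['name']}: claims {finding['extension']}, "
              f"is {finding['detected']} (NSIS marker: {finding['nsis']})")
```

Run `scan_tree("/path/to/collected/files")` over a triage folder to list every file whose extension lies about its content; the `nsis` flag narrows that list to Nullsoft self-extractors, which is the shape Machete's droppers take.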

Have You Faced El Machete?

I welcome comments in the section below, whether on this topic or on one you would like to see us write about in the Endpoint Intelligence blog.
