There’s a renewed weapon of malware destruction in the fields of war, and it goes by the name “Machete.” A targeted attack campaign that kicked off in 2010 and now boasts an improved infrastructure, Machete has mostly hit victims in Ecuador and Venezuela, with a smattering of victims in other countries from the U.S. to Malaysia. Some of those affected are reportedly military and intelligence organizations, embassies, and government agencies.
Machete is cyber-espionage malware that can log keystrokes, capture audio from a computer’s microphone, grab geolocation data, and copy files to a remote server or even to a special USB device, among other things.
Machete Employs a Spear
Like many other “advanced threats,” it makes the first cut with a simple spear-phishing email or watering-hole attack that can easily fool an end user with poor security awareness. Unfortunately, there are still too many of those, even in some organizations that should know much, much better.
Machete’s malicious files have .rar extensions, but are actually Nullsoft self-extracting archives. File signature analysis using EnCase will easily spot these files with false extensions. Endpoint visibility tools like EnCase Analytics and EnCase Cybersecurity can give your security team the ability to hunt down the malicious files and websites related to Machete that may already have caused your network to be infected. Among others, these files include:
- Hermosa XXXpps.rar
- Suntzu.rar
- El arte de la guerra.rar
- Hot Brazilian XXX.rar
- Full list here
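The file signature check described above, as an added example that is not EnCase code or anything from the Machete campaign itself: it reads the leading bytes of a file, decides whether it is really a RAR archive or a Windows executable (an NSIS self-extractor is a PE file, and NSIS installers carry a "NullsoftInst" marker in their header, used here only as a supporting hint), and flags any .rar whose content is not a RAR archive. The sample files and their bytes are constructed for the demonstration; the names Suntzu.rar and report.rar are stand-ins, not samples from the campaign.

```python
import os
from dataclasses import dataclass

# Magic bytes a real RAR archive starts with (RAR 4.x and RAR 5 formats).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
# Every Windows executable (including NSIS self-extractors) starts with "MZ".
PE_MAGIC = b"MZ"
# NSIS installers embed this marker in their first header; treated as a hint only.
NSIS_MARKER = b"NullsoftInst"


@dataclass
class Verdict:
    name: str
    claimed: str      # type implied by the file extension
    actual: str       # type implied by the file signature
    mismatch: bool    # True when a .rar extension hides a non-RAR file
    nsis_hint: bool   # True when the NSIS marker was found in the content


def identify(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name entirely."""
    if data.startswith(RAR5_MAGIC) or data.startswith(RAR4_MAGIC):
        return "rar"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def check_file(name: str, data: bytes) -> Verdict:
    """Compare the extension's claim with what the signature says."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    actual = identify(data)
    mismatch = ext == "rar" and actual != "rar"
    return Verdict(name, ext, actual, mismatch, NSIS_MARKER in data)


def scan(files: dict) -> list:
    """Run the check over a mapping of file name -> content and return verdicts."""
    return [check_file(name, data) for name, data in files.items()]


# Constructed sample inputs (not real malware): a PE disguised as .rar,
# a genuine RAR5 archive, and a plain text file.
SAMPLES = {
    "Suntzu.rar": b"MZ\x90\x00" + b"\x00" * 60 + b"\xef\xbe\xad\xdeNullsoftInst" + b"\x00" * 16,
    "report.rar": RAR5_MAGIC + b"\x00" * 32,
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for v in scan(SAMPLES):
        flag = "SUSPICIOUS" if v.mismatch else "ok"
        print(f"{v.name}: claims {v.claimed}, is {v.actual}, nsis_hint={v.nsis_hint} -> {flag}")
```

On a live system the same check would be pointed at a directory of downloaded files, reading only the first few hundred bytes of each; the point is that a signature check never trusts the extension, which is exactly how a disguised self-extracting archive is caught.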
Have You Faced El Machete? I welcome comments in the section below, whether on this topic or on one you would like to see us write about in the Endpoint Intelligence blog.