Inside the Latrodectus Malware Campaign

SUMMARY :

The Latrodectus malware campaign employs a combination of traditional phishing techniques and innovative payload delivery methods to target financial, automotive, and healthcare sectors. The attack chain begins with compromised emails containing malicious PDF or HTML attachments, which redirect users to download obfuscated JavaScript. This script then downloads and executes an MSI file, dropping a malicious 64-bit DLL in the %appdata% folder. The DLL, disguised with fake NVIDIA version information, unpacks another payload in memory and connects to a command and control server. The campaign utilizes URL shorteners, compromised domains, and well-known storage services to host malicious payloads, demonstrating a sophisticated blend of old and new tactics to evade detection.

OPENCTI LABELS :

phishing,obfuscation,javascript,icedid,healthcare,msi,latrodectus,financial,automotive,dll,activex,rundll32


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Inside the Latrodectus Malware Campaign