Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign Targeting Brazil With Astaroth Malware

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Water Makara, a threat actor group, is targeting enterprises in Brazil with a spear phishing campaign using the Astaroth banking malware. The attackers employ obfuscated JavaScript to bypass security defenses, often impersonating official tax documents to trick users. The campaign primarily affects manufacturing companies, retail firms, and government agencies. The attack chain involves malicious ZIP files containing LNK files that execute JavaScript commands, establishing connections to a C&C server. The malware uses domain generation algorithms and various file extensions to spread. This campaign highlights the importance of user awareness, security training, and robust cybersecurity measures to mitigate such threats.

OPENCTI LABELS:

brazil, spear phishing, astaroth, lnk files, domain generation algorithm, tax documents, obfuscated javascript, banking malware

