Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors
Apr 02, 2024
Malvertising / Threat Intelligence
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, the United States, Colombia, Portugal, Brazil, Dominican Republic, and Argentina. Active since at least 2018, TA558 has a history of targeting entities in the LATAM region to deliver a variety of malware such as Loda RAT, Vjw0rm, and Revenge RAT. The latest infection chain, according to Perception Point researcher Idan Tarab , leverages phishing emails as an initial access vector to drop Venom RAT , a fork of Quasar RAT that comes with capabilities to harvest sensitive data and commandeer systems remotely. The disclosure comes as threat actors have been increasingly observed using the DarkGate malware loader following the law enforcement takedown of QakBo