• Home
  • Forum
  • News
  • Reviews
  • About
Sign in
Welcome!Log into your account
Forgot your password?
Password recovery
Recover your password
Search
Sign in
Welcome! Log into your account
Forgot your password? Get help
Password recovery
Recover your password
A password will be e-mailed to you.
Myce.com
  • Home
  • Forum
  • News
  • Reviews
  • About
Home News

Chaes Malware Targets MercadoLivre Customers

By
Maricar Sze
-
November 19, 2020
ADVERTISEMENT

Cybersecurity research team Cybereason Nocturnus discovered a new malware called Chaes aimed at users of Latin American e-commerce platform MercadoLivre. In a blog posted on the Cybereason website, Chaes manages to “evade antivirus tools.”

The malware is known to steal personal information from customers such as credit card numbers, site login credentials, and financial details. It is also known to take screenshots of infected systems. Moreover, it tracks Google Chrome to gather more user information.

ADVERTISEMENT

Cybereason Head Head of Threat Research Assaf Dahan told ZDNet that the infection starts through phishing emails with malicious .docx attachments, which uses “a template injection technique, using Microsoft Word’s built-in feature to fetch a payload from a remote server.”

New Malware Called Chaes

ZDNet also noted that the Chaes email can camouflage itself as a legitimate one by attaching “scanned by Avast” as a footnote.

ADVERTISEMENT

The malware came at a time when an increase in cybercrime against e-commerce platforms exists. To combat these threat actors, Cybereason researchers have been monitoring parties that used Chaes back when it was still undetected.

The emergence of Chaes in Latin America is just part of a string of malwares that have been arising in the region. Just last year, three notorious malwares were found in the region namely Grandoreiro, Ursa, and Astaroth.

According to the Nocturnus team, “These Latin American operations typically demonstrate some unique features when it comes to the tactics, techniques, and procedures (TTPs) employed, as well as how the malware is propagated to infect victims.”

These variants are known to use .MSI files to initially infect systems. The malware was also made using Delphi and significantly used LOLBins for execution, as well as the ability to download legitimate tools to further strengthen the infection and evade antivirus programs.

The report said that Chaes leverages verified programs such as Python, Unrar, and Node.js to stealthily infect the victim machine.

Given the evasive and multi-stage nature of the malware, Cybereason co-founder and CEO Lior Div said, “Threat actors put a great deal of time, resources, and effort into choosing their targets for criminal operations such as this, and a return on their investment is always top of mind.”

Div added that users should always be vigilant about their cyber hygiene, especially at a time when cybercrime is becoming more profitable for criminals.

The team also found that Chaes is evolving with new versions emerging, showing that the group behind the malware is improving it.

ADVERTISEMENT
  • TAGS
  • Antivirus Tools
  • avast
  • Chaes
  • credit card
  • Cyber Hygiene
  • cybercrime
  • Cybereason
  • Cybereason Nocturnus
  • e-commerce platform
  • google. chrome
  • malware
  • MercadoLivre Customers
  • microsoft word
  • personal information
  • Phishing Emails
  • Python
  • Remote Server
  • Site Login Credentials
  • Template Injection Technique
Previous articleFinancial Sector Jumps to Cloud Storage to Speed Up Data Management
Next articleYouTube Launches New Audio Ad Format for Music Fans
Maricar Sze

RELATED ARTICLESMORE FROM AUTHOR

Goldmoney to Offer Permanent Storage
News

Goldmoney to Offer Permanent Storage through Totenpass

High-Speed Storage and Data Science
News

Snowflake and Saturn Cloud Pioneer High-Speed Storage and Data Science

Amazon Ring Breach
News

Amazon Ring’s Neighbors App Suffers from Security Flaw

ADVERTISEMENT

RECENT NEWS

Goldmoney to Offer Permanent Storage through Totenpass

News Maricar Sze - January 15, 2021

Snowflake and Saturn Cloud Pioneer High-Speed Storage and Data Science

News Maricar Sze - January 15, 2021

Amazon Ring’s Neighbors App Suffers from Security Flaw

News Maricar Sze - January 15, 2021

The latest news surrounding digital storage products, cloud, data security, technology, fintech, games.

Myce B.V.
Cruquiuskade 251, 1018 AM Amsterdam, Netherlands.

Contact us: dan@myce.com

MORE RECENT NEWS

Snowflake to Leverage Data Storage

Carahsoft Tech Adds Snowflake to Leverage Data Storage in Gov’t

News January 7, 2021
Photonic Processors Accelerate AI Growth

Photonic Processors Can Help Accelerate AI Growth

News January 7, 2021
Agritech Firm CropIn

AI and Agritech Startup CropIn Raises $20M in Series C Funding

News January 7, 2021

POPULAR CATEGORY

  • News24511
  • Other16028
  • Piracy1016
  • Software815
  • Reviews581
  • Movies522
  • Music275
  • Apps175
  • Finance170
  • Forum
  • Privacy Policy
  • Terms and Conditions
  • Cookie Policy
  • About
© Copyright 1997 – 2021 Myce B.V. – All rights reserved. It is prohibited to use or publish this content without proper authorization. Offenders shall be subject to penalties provided by law.