
Gecko Campaign (Dropper) – Malware


SCILabs recently exposed a widespread and sophisticated cyberattack campaign in Latin America, dubbed Operation Gecko Assault, which aims to steal financial data and login credentials from unsuspecting users. The primary targets of this operation seem to be individuals in Argentina, as the attackers use phishing emails posing as messages from the country’s national tax agency, AFIP, to lure victims into downloading malicious files.

Upon conducting a thorough investigation, SCILabs uncovered the tactics, techniques, and procedures the cybercriminals use to distribute the malware. While the exact method of distribution remains unclear, phishing appears to be the primary approach, with malicious links and attachments that lead victims to compromised websites. Furthermore, the attackers have taken control of legitimate domains such as opticasdavid.com and hotelandino.com to disseminate the malware, indicating a high level of sophistication in their operations.

The attack typically starts with phishing emails sent under the guise of official AFIP communications, directing recipients to compromised websites harboring malware-infected ZIP files. Victims are then prompted to solve a CAPTCHA challenge before the download begins; the CAPTCHA gate keeps automated security scanners from fetching the payload. The ZIP file, named Fact_AFIP_659341, contains the malicious components: a legitimate GoToMeeting executable that acts as a trojan horse by loading a malicious DLL placed beside it, which initiates the next stage of the malware operation.

The malicious DLL exploits known vulnerabilities in the victim’s system environment, facilitating the execution of additional payloads. Subsequently, the compromised executable downloads two files to the victim’s system, including an AutoIt V3 executable and a malicious AutoIt script, both of which create a backdoor for the attackers to access sensitive data and maintain control over the infected machine.
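The two stages described above (a trusted executable loading a DLL from the ZIP's extraction folder, then an AutoIt v3 interpreter running a script from a user-writable path) share a shape that endpoint telemetry can flag regardless of the file names involved. The following triage helper is an added example, not code from SCILabs or the report; the event field names, the executable and DLL names, and the user-writable directory list are all assumptions, and the sample events are constructed.

```python
"""Triage helper for the Gecko Assault two-stage pattern over constructed,
Sysmon-style event dicts. Field names (Image, ImageLoaded, CommandLine,
Signed) and all file names below are assumed, not taken from the report."""

from pathlib import PureWindowsPath

# Directories a normal user can write to; a signed vendor binary usually
# lives under Program Files, not here. (Assumed list; extend for your estate.)
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\desktop\\", "\\public\\")

def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE)

def is_sideload_candidate(ev: dict) -> bool:
    """ImageLoad event: a process loads an unsigned DLL that sits in the
    process's own directory, and that directory is user-writable. This is
    the shape of the GoToMeeting-plus-malicious-DLL stage."""
    if ev.get("type") != "ImageLoad":
        return False
    proc = PureWindowsPath(ev["Image"])
    dll = PureWindowsPath(ev["ImageLoaded"])
    return (dll.suffix.lower() == ".dll" and proc.parent == dll.parent
            and in_user_writable(str(dll)) and ev.get("Signed", "false") == "false")

def is_autoit_script_run(ev: dict) -> bool:
    """ProcessCreate event: an AutoIt v3 interpreter started with a .au3
    script argument located in a user-writable path (the second stage)."""
    if ev.get("type") != "ProcessCreate":
        return False
    image = PureWindowsPath(ev["Image"]).name.lower()
    cmd = ev.get("CommandLine", "").lower()
    return image.startswith("autoit3") and ".au3" in cmd and in_user_writable(cmd)

def triage(events: list[dict]) -> list[tuple[int, str]]:
    """Return (event index, reason) for every event matching either stage."""
    hits = []
    for i, ev in enumerate(events):
        if is_sideload_candidate(ev):
            hits.append((i, "dll-sideload"))
        elif is_autoit_script_run(ev):
            hits.append((i, "autoit-script"))
    return hits

# Constructed sample telemetry; executable and DLL names are assumed.
SAMPLE_EVENTS = [
    {"type": "ImageLoad", "Image": r"C:\Users\ana\Downloads\Fact_AFIP_659341\GoToMeeting.exe",
     "ImageLoaded": r"C:\Users\ana\Downloads\Fact_AFIP_659341\helper.dll", "Signed": "false"},
    {"type": "ImageLoad", "Image": r"C:\Program Files\GoToMeeting\GoToMeeting.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"type": "ProcessCreate", "Image": r"C:\Users\ana\AppData\Local\Temp\AutoIt3.exe",
     "CommandLine": r'"C:\Users\ana\AppData\Local\Temp\AutoIt3.exe" C:\Users\ana\AppData\Local\Temp\stage.au3'},
    {"type": "ProcessCreate", "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]
```

Running `triage(SAMPLE_EVENTS)` flags the first and third events only; the legitimately installed GoToMeeting loading a system DLL and the notepad launch pass through.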

The cybercriminals behind Operation Gecko Assault demonstrate sophisticated technical skills by exploiting vulnerabilities, leveraging trusted applications, and utilizing social engineering tactics to avoid detection. The potential consequences of this attack range from financial losses to data breaches and reputational harm. The complexity of this campaign underscores the challenges faced by cybersecurity professionals in combatting evolving cyber threats, particularly in Latin America, where targeted attacks are on the rise.

In light of these developments, organizations in the region must bolster their defenses and remain alert to mitigate the risks posed by such advanced cyber threats. Operation Gecko Assault serves as a stark reminder of the importance of vigilance and proactive cybersecurity measures in safeguarding against malicious activities targeting individuals and institutions alike.
