Updated IOCs on AllaSenha - Malware Aims At Stealing Brazilian Bank Account Credentials
Researchers have identified a malicious payload called "AllaSenha" targeting Brazilian bank accounts. Delivered via a complex infection chain involving Python scripts and a Delphi-developed loader, AllaSenha aims to steal banking credentials and uses Azure cloud infrastructure for command and control. It is a custom variant of the AllaKore RAT, which is often used against Latin American users. The attack begins with phishing emails containing malicious links to payloads hosted on cloud services. When a user clicks a link, they are shown a Windows Explorer window displaying files at a remote WebDAV path, tricking them into executing a malicious LNK file. This LNK file opens a decoy PDF and triggers the download and execution of a launcher, leading to the installation of AllaSenha, which then exfiltrates banking credentials.