Threats Archives - Metabase Q

Bluetooth Bugs Leaves Thousands of PoS Devices Vulnerable in LATAM

By Bryan Gonzalez from Ocelot Team Every year, Metabase Q conducts numerous assessments on Point of Sale (PoS) devices across LATAM. These assessments play a crucial role in strengthening companies’ devices before they hit the market. Through these evaluations, the Ocelot Offensive team has identified a prevalent trend: approximately 90% of PoS devices integrate Bluetooth […]

Bluetooth Bugs Leaves Thousands of PoS Devices Vulnerable in LATAM Read More »

TA558 group attacking legacy systems in LATAM

All, Threats / Metabase Q Team

By Bryan Gonzalez & Karla Gomez from Ocelot Team Context The purpose of this blog is to provide information about the TA558 adversary, who has been very active across different sectors in Mexico. This information is presented using the Diamond Model for intrusion analysis. The Diamond Model visually organizes key aspects of malicious activity in

TA558 group attacking legacy systems in LATAM Read More »

Episode V: Cybercartel strikes back

All, Threats / Metabase Q Team

By Gerardo Corona Ocelot Team Context After the discovery of the self-proclaimed local group “Fenix”, the Cyber Threat Intelligence team at Metabase Q has identified a malware distribution campaign attributed to a cybercriminal group in the region known as CyberCartel. CyberCartel, has been active in Mexico and other Latin American countries, including Chile, since around

Episode V: Cybercartel strikes back Read More »

Botnet Fenix: New botnet going after tax payers in Mexico and Chile

All, Threats / Metabase Q Team

By Gerardo Corona & Julio Vidal Ocelot Team Context Ransomware gangs have found a profitable market in LATAM, but they are not alone, they need region-based actors to provide them the initial access to the companies. These local groups create phishing campaigns based on the government activities during the year, like Tax season, testament month,

Botnet Fenix: New botnet going after tax payers in Mexico and Chile Read More »

Apple AirTags, Unwanted tracking capabilities

All, Threats / Metabase Q Team

Salvador Mendoza – Research and Development Director, Metabase Q // Research Summary Have you heard of AirTag by Apple? It is a tracking device developed by Apple and designed to help people find misplaced objects. However, even when Apple states that AirTag technology is solely used for tracking objects, a growing number of malicious individuals

Apple AirTags, Unwanted tracking capabilities Read More »

Inside Mispadu massive infection campaign in LATAM

All, Threats / Metabase Q Team

Fernando Garcia & Dan Regalado Ocelot team Context The Metabase Q Security Operations Center (SOC) triages millions of alerts a day but a recent attempt to infect a customer’s network caught our attention. Although the customers’ endpoint detection and response security tools properly blocked the initial payload, the use of fake certificates to try to

Inside Mispadu massive infection campaign in LATAM Read More »

FiXS the new ATM Malware in LATAM

All, Threats / Metabase Q Team

By Jesus Dominguez & Gerardo Corona from Ocelot Team Context ATMs are a core part of the financial system, providing users access to their money anytime at different physical locations. Over the past few years, attacks on these devices have increased in sophistication, severity, and frequency, resulting in significant consequences for both financial institutions and

FiXS the new ATM Malware in LATAM Read More »

ImageMagick: The hidden vulnerability behind your online images

All, Threats / Metabase Q Team

By Bryan Gonzalez from Ocelot Team Introduction ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and, therefore, is very common to find it in websites worldwide since there is always a need to process pictures for users’ profiles,

ImageMagick: The hidden vulnerability behind your online images Read More »

Grandoreiro banking malware: deciphering the DGA

All, Threats / Metabase Q Team

By Leonardo Beltran & Diana Tadeo Metabase Q’s Ocelot Team Context Grandoreiro is a Banking Trojan written in Delphi language that emerged in 2017, attacking mainly Brazil and some Latin American countries. This banking trojan is used as a backdoor to allow the attacker to access the victim’s devices and thus steal their banking information

Grandoreiro banking malware: deciphering the DGA Read More »

Ploutus is back, targeting Itautec ATMs in Latin America

All, Threats / Metabase Q Team

By Jesus Dominguez from Metabase Q’s Ocelot Team Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. Discovered for the first time in 2013, Ploutus enables criminals to empty ATMs by taking advantage of ATM XFS middleware vulnerabilities via an externally connected device. Since

Ploutus is back, targeting Itautec ATMs in Latin America Read More »

Threats

Bluetooth Bugs Leaves Thousands of PoS Devices Vulnerable in LATAM

TA558 group attacking legacy systems in LATAM

Episode V: Cybercartel strikes back

Botnet Fenix: New botnet going after tax payers in Mexico and Chile

Apple AirTags, Unwanted tracking capabilities

Inside Mispadu massive infection campaign in LATAM

FiXS the new ATM Malware in LATAM

ImageMagick: The hidden vulnerability behind your online images

Grandoreiro banking malware: deciphering the DGA

Ploutus is back, targeting Itautec ATMs in Latin America

Sign up for product updates, resources, and news

company

resources

Product