By Gerardo Corona & Julio Vidal Ocelot Team Context Ransomware gangs have found a profitable market in LATAM, but they are not alone, they need region-based actors to provide them the initial access to the companies. These local groups create phishing campaigns based on the government activities during the year, like Tax season, testament month, …
Botnet Fenix: New botnet going after tax payers in Mexico and Chile Read More »
Salvador Mendoza – Research and Development Director, Metabase Q // Research Summary Have you heard of AirTag by Apple? It is a tracking device developed by Apple and designed to help people find misplaced objects. However, even when Apple states that AirTag technology is solely used for tracking objects, a growing number of malicious individuals …
Fernando Garcia & Dan Regalado Ocelot team Context The Metabase Q Security Operations Center (SOC) triages millions of alerts a day but a recent attempt to infect a customer’s network caught our attention. Although the customers’ endpoint detection and response security tools properly blocked the initial payload, the use of fake certificates to try to …
Inside Mispadu massive infection campaign in LATAM Read More »
By Jesus Dominguez & Gerardo Corona from Ocelot Team Context ATMs are a core part of the financial system, providing users access to their money anytime at different physical locations. Over the past few years, attacks on these devices have increased in sophistication, severity, and frequency, resulting in significant consequences for both financial institutions and …
By Bryan Gonzalez from Ocelot Team Introduction ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and, therefore, is very common to find it in websites worldwide since there is always a need to process pictures for users’ profiles, …
ImageMagick: The hidden vulnerability behind your online images Read More »
By Leonardo Beltran & Diana Tadeo Metabase Q’s Ocelot Team Context Grandoreiro is a Banking Trojan written in Delphi language that emerged in 2017, attacking mainly Brazil and some Latin American countries. This banking trojan is used as a backdoor to allow the attacker to access the victim’s devices and thus steal their banking information …
Grandoreiro banking malware: deciphering the DGA Read More »
By Jesus Dominguez from Metabase Q’s Ocelot Team Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. Discovered for the first time in 2013, Ploutus enables criminals to empty ATMs by taking advantage of ATM XFS middleware vulnerabilities via an externally connected device. Since …
Ploutus is back, targeting Itautec ATMs in Latin America Read More »
By Ramses Vazquez & Miguel Gonzalez from Metabase Q’s Ocelot Team Context DARKSIDE/BLACKMATTER/ALPHV-BLACKCAT The ALPHV Ransomware group also known as BlackCat has positioned itself in the Top 5 of most active ransomware groups. Among the target industries of this group are construction, energy, financial, logistics, manufacturing, pharmaceuticals, retail, and technology. The scheme under which this …
How does ALPHV operate the RaaS membership program? Read More »
Salvador Mendoza from Metabase Q’s R&D Team // Introduction Social engineering attacks are among the most difficult to combat since their modus operandi is not based on an algorithm that can be blocked by a software update. It rather takes advantage of the lack of knowledge and the trust of users (mainly new ones) to …
By Metabase Q’s Ocelot Threat Intelligence Team // Introduction LAPSUS$ is a cybercriminal group focused on cyberextortion with one single main objective, money. Hence the money symbol in their name. It’s important to mention that their way of acting is not traditional, this group enjoys the attention, so they choose to announce all their activities …
Redline, the infostealer used by LAPSUS$ in LATAM Read More »
Metabase Q is the leading end-to-end cybersecurity company focused on Latin America. We help your business get and stay secure through an integrated platform suite of offensive and defensive services and technologies
2193 Fillmore St. San Francisco, CA 94115
