Metabase Q's offensive security team, Ocelot, discovered multiple malicious campaigns from the criminal group, EvilCorp. Since April 2021, they have been compromising Mexican websites and then using them to distribute their preferred malware: Dridex, which has successfully stolen bank information from its victims since 2014.
At the end of 2019, the Department of Justice of the United States, offered $5 million dollars to capture one of Evil Corp.'s Russian founders: Maksim Yakubets, who has been a critical piece of the organization since 2009. He has been recruiting hackers to join their ranks, laundering more than $100 million dollars collected from their victims, mainly from USA and Europe, and transferring the funds to their members, who are primarily located in Russia and Ukraine. This group is credited with creating the Dridex malware, which is usually deployed via e-mail using malicious Microsoft Office macros.
To create greater awareness around these types of attacks in the region, Metabase Q and it is Offensive Security Team, Ocelot decided to publish the details of these campaigns in Mexico. We are focusing on three campaigns that started in April 2021. They all have the download of different malicious payloads from the compromised website of a Congresswoman.