The Cybereason Nocturnus Team has identified an active campaign targeting customers of a large e-commerce platform with a newly discovered multi-stage malware, dubbed Chaes, that evades antivirus tools. The info-stealing malware is designed to harvest sensitive consumer information, including login credentials, credit card numbers and other financial information.
E-commerce platforms have been a favored target for cybercriminals, and the sharply increased volume of online shopping spurred by the COVID-19 pandemic has made attacks potentially even more profitable. According to data from the recent IBM U.S. Retail Index released in August of this year, “the pandemic has accelerated the shift away from physical stores to digital shopping by roughly five years,” and “e-commerce is projected to grow by nearly 20% in 2020” (TechCrunch).
The Cybereason Nocturnus Team has been tracking threat actors leveraging the previously undetected Chaes malware to primarily target Brazilian customers of the largest e-commerce company in Latin America, MercadoLivre. The researchers noted that the Latin American cybercrime scene has evolved a great deal in recent years, with some of the more notorious malware variants gaining prominence in just the last year, including Grandoreiro, Ursa and Astaroth.
Install an endpoint protection solution to help mitigate similar attacks.
Consider using a password manager to ensure strong account credentials and avoid plain-text exposure of usernames and passwords in both browser-based and local applications.
Consider social engineering awareness and training, which are key in preventing such attacks.