
Attribution by Slang: Exposing Horabot

Brazilian slang in code comments

In Western media, hackers are usually portrayed as Chinese, Russian, or North Korean. And in Eastern media, they are often depicted as American, Israeli, or Ukrainian.

But we know that such specialists exist not only in these six countries. They are simply overlooked. Let’s correct this bias.

For example, last year, experts from our MDR team exposed a rather complex malicious campaign called Horabot, targeting residents of Mexico (over 5,000 victims).

The attack begins with a fake CAPTCHA on a compromised website: under the guise of “checking for robots,” the victim is convinced to execute a command that leads to the download of malicious components from the attacker’s website. These components include a banking trojan that steals the victim’s passwords, as well as a program for collecting email addresses and sending phishing emails with malicious attachments.

But the most intriguing part of this investigation is attribution. Although most victims are in Mexico, and the trojan shows them fake bank pages in Spanish, our experts believe that the malware originated from Brazil.

And not only because comments in the code were found in Brazilian Portuguese. Some of these comments are written in very formal language, which suggests the use of an LLM (i.e., it could be a “false flag”). But there are also comments in slang that only native speakers of the living Brazilian dialect of Portuguese would understand. For example, the word “sapecar”.

What this word means, as well as other details of the investigation and indicators of compromise for identifying the Horabot attack, can be found in the article by Mateus Salgado and Domenico Caldarella.
