New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Published 31/05/2024 14:27 · Modified 31/05/2024 15:03

Essential information

Tags: 2024-05-31, access_pc_client.dll, banking, brazil, carnavalheist, keylogging, overlay, trojan
Related entities: 61 observables, 1 intrusion set (APT), 2 malware, 2 others

Description

Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed “CarnavalHeist”. The malware employs common tactics such as financial-themed spam emails, Delphi-based DLLs, overlay attacks, and input capture techniques like keylogging and screen capture. However, it uniquely uses a Python-based loader for DLL injection and specifically targets Brazilian applications. Talos attributes the development and operation of CarnavalHeist to Brazilian actors, identified through operational mistakes made during domain registration. The campaign has been active since at least February 2024, and the malware is still under active development.

External references