Dark Caracal uses Poco Rat to target Spanish-speaking companies in Latin America

March 5, 2025Ravi LakshmananCyber ​​Spy/Malware

The threat actor known as Dark Caracal has been attributed to a 2024 campaign that deployed a remote access trojan called Poco RAT in attacks against Spanish-speaking targets in Latin America.

The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with an “espionage set of features.”

“You can upload files, capture screenshots, execute commands, and operate system processes,” Denis Kazakov and Sergey Samokhin said in a technical report published last week.

Poco RAT was previously documented by Cofense in July 2024, which detailed phishing attacks aimed at the mining, manufacturing, hospitality and utility sectors. The infection chains are characterized by finance-themed lures that trigger a multi-step process for deploying the malware.

The campaign was not attributed to any threat actor at the time, but Positive Technologies said it identified overlaps with Dark Caracal, an advanced persistent threat (APT) known for operating malware families such as CrossRAT and Bandook. It has been in operation since at least 2012.

In 2021, the cyber mercenary group was tied to a cyber espionage campaign dubbed Bandidos that delivered an updated version of the Bandook malware against Spanish-speaking countries in South America.

The latest set of attacks continues to focus on Spanish-speaking users, using phishing emails with invoice-related themes that carry malicious attachments written in Spanish as the starting point. Analysis of Poco RAT artifacts shows that the intrusions primarily target companies in Venezuela, Chile, the Dominican Republic, Colombia and Ecuador.

The attached decoy documents impersonate a wide range of industry verticals, including banking, manufacturing, healthcare, pharmaceuticals and logistics, in an attempt to make the scheme more believable.

When opened, the files redirect victims to a link that triggers the download of a .rev archive from legitimate file-sharing services or cloud storage platforms such as Google Drive and Dropbox.

“Files with the .rev extension were generated using WinRAR and were originally designed to rebuild missing or corrupt volumes in multipart archives,” the researchers explained. “Threat actors can reuse them as stealth payload vessels, helping malware avoid security detection.”
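The researchers' point about .rev files suggests a simple triage check for download folders and mail quarantine: a genuine recovery volume sits beside the multipart set it rebuilds, so a lone .rev, or one that opens like a regular RAR archive, deserves a closer look. The sketch below is an added example, not code from the report; the file names are constructed, and treating a regular RAR signature inside a .rev as suspicious is an assumption of this example.

```python
import re
import tempfile
from pathlib import Path

# Signatures that open a regular RAR 4.x / RAR 5.x archive.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# WinRAR volume suffix (".part01") removed to recover the set's base name.
PART_SUFFIX = re.compile(r"\.part\d+$", re.IGNORECASE)


def set_base(path):
    """Lower-cased base name of the multipart set a volume belongs to."""
    return PART_SUFFIX.sub("", path.stem).lower()


def triage_rev_files(directory):
    """Return {filename: [reasons]} for .rev files that merit a closer look."""
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    rar_bases = {set_base(p) for p in files if p.suffix.lower() == ".rar"}
    findings = {}
    for p in files:
        if p.suffix.lower() != ".rev":
            continue
        reasons = []
        # A recovery volume is only useful beside the volumes it rebuilds.
        if set_base(p) not in rar_bases:
            reasons.append("no sibling .rar volumes")
        # Assumption: a .rev opening with a regular RAR archive signature
        # is being used as a container rather than as recovery data.
        with p.open("rb") as fh:
            if fh.read(8).startswith(RAR_MAGICS):
                reasons.append("regular RAR archive signature")
        if reasons:
            findings[p.name] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample: one legitimate-looking set and one lone .rev lure.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "backup.part01.rar").write_bytes(RAR_MAGICS[1] + b"\x00" * 8)
        (root / "backup.part01.rev").write_bytes(b"\x00" * 16)
        (root / "Factura_0234.rev").write_bytes(RAR_MAGICS[1] + b"\x00" * 8)
        for name, reasons in triage_rev_files(root).items():
            print(name, "->", "; ".join(reasons))
```
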

Inside the archive is a Delphi-based dropper responsible for launching Poco RAT, which in turn establishes contact with a remote server and gives attackers full control over compromised hosts. The malware gets its name from its use of the POCO libraries in its C++ codebase.

Some of the commands supported by Poco RAT are listed below:

  • T-01 – Send collected system data to the command-and-control (C2) server
  • T-02 – Get and send the active window title to the C2 server
  • T-03 – Download and run an executable file
  • T-04

“Poco RAT does not have a built-in persistence mechanism,” the researchers said. “After the initial reconnaissance is complete, the server may issue commands to establish persistence. Alternatively, an attacker can deploy the main payload using Poco RAT as a stepping stone.”
