The CHIMBORAZO hacking group, an experienced criminal collective, has devised a new infection method for delivering the GraceWire Trojan. The group is now able to deploy the malware using a technique that can evade automated security analysis.
The GraceWire Trojan Is Delivered With a Novel Technique By The CHIMBORAZO Hackers
One of the recent malware families featured in ongoing attacks is the GraceWire Trojan. The criminal group responsible for the campaign is CHIMBORAZO, which is known to security experts as an experienced collective. Security reports indicate that the first attacks were detected in early June this year and that the campaign resurged this week, when newer samples were found. The infection method is still email messages, which may carry SPAM or phishing content, meaning the criminals can send them out in bulk.
The messages contain either a redirect link or a malicious HTML attachment; when these are opened or accessed by the user they lead to the Trojan deployment page. One of the distinct features of this attack is that the landing page contains a CAPTCHA prompt. This is a novel feature, as such pages are usually part of legitimate services and online sites. Once the CAPTCHA form is validated, a Microsoft Excel document containing malicious macros is loaded. When the document is opened, a prompt asks the user to enable the scripts. If this is done, the Trojan is downloaded from a remote server and run on the local computer.
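The two mail-borne artifacts this chain relies on, an HTML attachment and a macro-enabled Excel workbook, can both be flagged at the mail gateway before any CAPTCHA page is ever reached. The following triage script is an added example, not code from the original article or from any vendor report on this campaign; the message it inspects is constructed inline, and the `vbaProject.bin` part it embeds is an empty placeholder rather than any real macro.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_macro_workbook() -> bytes:
    """Constructed OOXML container with the part that marks a macro-enabled workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"\x00")  # presence, not content, is the signal
    return buf.getvalue()


def build_sample_eml() -> bytes:
    """Constructed message mirroring the campaign's lure: HTML attachment plus .xlsm."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(build_macro_workbook(), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="invoice.xlsm")
    msg.add_attachment('<html><a href="http://example.invalid/">Open</a></html>',
                       subtype="html", filename="doc.html")
    return msg.as_bytes()


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML zip carrying a VBA project (macros)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def triage_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, finding) pairs for attachments matching the lure pattern."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith((".html", ".htm")):
            findings.append((name, "html-attachment"))
        if has_vba_project(payload):  # checks content, not just the extension
            findings.append((name, "ooxml-with-vba"))
    return findings
```

Because `has_vba_project` inspects the zip contents rather than trusting the extension, a workbook renamed to `.xlsx` is still flagged.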
The GraceWire Trojan is one of the more advanced members of the Trojan category and was first detected in January 2020. Back then it was delivered using the Necurs botnet, one of the long-standing tools of criminal groups. It is capable not only of taking control of victim machines, but also of hijacking user information and deploying additional viruses. GraceWire can also be programmed to manipulate sensitive configuration files, leading to sabotage and severe performance issues.