
Chaes

Banking Trojan

Chrome


Brazilian e-banking users actively targeted by Chaes, a new banking trojan that infected over 800 sites

Chaes banking trojan spread via over 800 infected WordPress sites to target Brazilian e-banking users...

26-Jan-2022

The MSI installer contains three malicious JavaScript files (install.js, sched.js, sucesso.js) that prepare the Python environment for the next-stage loader.

The sched.js script adds persistence by creating a Scheduled Task and a Startup link, and sucesso.js is responsible for reporting the status to the C2.

Meanwhile, the install.js script performs the following tasks:

Check for Internet connection (using google.com)
Create %APPDATA%\\\\extensions folder
Download password-protected archives such as python32.rar/python64.rar and unrar.exe to that extensions folder
Write the path of the newly created extensions folder to HKEY_CURRENT_USER\Software\Python\Config\Path
Perform some basic system profiling
Execute unrar.exe command with the password specified as an argument to unpack python32.rar/python64.rar
Connect to C2 and download 32bit and 64bit __init__.py scripts along with two enc
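
The install.js steps listed above leave file, registry and process traces that a defender can correlate per host. The following hunt logic is an added example, not code from the original report. The event field names (`host`, `type`, `path`, `key`, `value`, `image`, `cmdline`), the match on any `extensions` folder under AppData, and the sample telemetry are assumptions constructed for illustration; `-p<password>` is unrar's inline password switch.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

ARCHIVES = {"python32.rar", "python64.rar"}
DROPPED = ARCHIVES | {"unrar.exe"}
REG_SUFFIX = r"\software\python\config\path"  # also matches HKU\<SID>\... forms

def in_extensions_dir(path):
    """True if the file sits in a folder named 'extensions' somewhere under AppData."""
    p = PureWindowsPath(path)
    return p.parent.name.lower() == "extensions" and "appdata" in [x.lower() for x in p.parts]

def classify(event):
    """Return the name of the indicator an event matches, or None."""
    kind = event["type"]
    if kind == "file_create":
        name = PureWindowsPath(event["path"]).name.lower()
        if name in DROPPED and in_extensions_dir(event["path"]):
            return "dropped_file"
    elif kind == "registry_set":
        if event["key"].lower().endswith(REG_SUFFIX) and "extensions" in event["value"].lower():
            return "python_config_path"
    elif kind == "process_create":
        args = event["cmdline"].lower()
        if PureWindowsPath(event["image"]).name.lower() == "unrar.exe" and any(a in args for a in ARCHIVES):
            # Distinguish an inline password (-p<password>) from a plain unpack.
            return "unrar_inline_password" if re.search(r"\s-p\S+", args) else "unrar_unpack"
    return None

def hunt(events, threshold=2):
    """Group matches per host; report hosts with at least `threshold` distinct indicators."""
    hits = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            hits[ev["host"]].add(name)
    return {h: sorted(n) for h, n in hits.items() if len(n) >= threshold}

# Constructed sample telemetry: hosts, users, folder names and password are made up.
SAMPLE = [
    {"host": "ws-01", "type": "file_create", "path": r"C:\Users\ana\AppData\Roaming\abc\extensions\python64.rar"},
    {"host": "ws-01", "type": "registry_set", "key": r"HKU\S-1-5-21-1\Software\Python\Config\Path", "value": r"C:\Users\ana\AppData\Roaming\abc\extensions"},
    {"host": "ws-01", "type": "process_create", "image": r"C:\Users\ana\AppData\Roaming\abc\extensions\unrar.exe", "cmdline": r"unrar.exe x -pEXAMPLE python64.rar"},
    {"host": "ws-02", "type": "process_create", "image": r"C:\Program Files\WinRAR\UnRAR.exe", "cmdline": r"UnRAR.exe x backup.rar"},
    {"host": "ws-03", "type": "file_create", "path": r"C:\Users\bo\AppData\Local\Programs\Python\python.exe"},
]

if __name__ == "__main__":
    print(hunt(SAMPLE))
```

Requiring two or more distinct indicators per host keeps a lone legitimate unrar.exe run or an unrelated Python install from raising an alert.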