PULSE NAME
New Fakext malware targets Latin American banks
WHITE Fakext AlienVault 2024-03-08 Modified: 2024-03-08
19 IOCs
MEDIUM VOLUME
A new malware campaign called Fakext uses malicious browser extensions to steal credentials and install remote access tools on victims' devices. The campaign primarily targets banks in Latin America. The malware uses man-in-the-browser attacks and web injections to capture data entered in input fields and to display fake pages prompting victims to download remote access tools. Technical analysis shows the malware uses evasive techniques such as domain spoofing and anti-debugging methods.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Fakext
Indicators of Compromise (19)