A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America according to the SPEAR research team at threat prevention specialist Cylance. Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection. SPEAR has been able to identify just over 300 unique victims over the past month as well as over 100GB worth of data that was successfully extracted and…
[Continue Reading]