Appearing flattered by the dogged analysis of Chaes malware over the years, the infostealer's developer dropped secret messages in the latest version of the code praising threat hunter efforts and thanking them for the interest.
Analysis of infostealer Chaes 4.1 in debug mode reveals a number of intricate ASCII art pieces hidden within the code, according to Morphisec malware researcher Arnold Osipov, who also received a special shout-out message from the malware developers, also hidden within the infostealer malware code.
The code also contains a mention that the Chaes team was discovered by Cybereason three years ago.
The current Chaes campaign being tracked by Osipov uses a Portuguese-language email, purportedly from an attorney about an urgent legal matter.
If the user clicks the malicious link they are delivered to a spoofed website for TotalAV, asked to add their password to download a document, which then serves up the MSI installer, Morphisec's new report explained.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 18 Jan 2024 15:20:23 +0000