Threats Tagged 'metamorfo - s0455'
View all threats tagged with 'metamorfo - s0455'. Filter and sort to focus on specific types of threats.
Inside Banana RAT: From Build Server to Banking Fraud
An MDR investigation mapped the complete operational infrastructure of Banana RAT, a Brazilian banking trojan operated by threat cluster SHADOW-WATER-063. The investigation uncovered both server-side and client-side components, revealing a FastAPI-based polymorphic payload generation system that produces hash-unique builds to evade detection. The malware employs layered obfuscation, AES-wrapped payloads, and fileless PowerShell execution. Once deployed, it enables operator-driven fraud through remote input control, keylogging, screen streaming, bank-branded overlays, and Pix QR code interception specifically targeting Brazilian financial institutions. The tooling exclusively targets 16 Brazilian banks and crypto exchanges, with all operator artifacts written in Brazilian Portuguese, indicating a financially motivated actor operating within the Tetrade banking trojan ecosystem.
AlienVault OTX General | 05/19/2026, 22:26:55 UTC | Added: 05/21/2026, 00:33:32 UTC
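The per-request polymorphic build pipeline described in this entry is the reason hash-only indicators are a weak control against this class of tooling. The Python below is an added illustration, not code from the report, from the MDR team, or from the malware. It assumes (this is a simplification, not something the page states) a build server that varies each payload only inside a marked junk region while the functional body stays identical; all bytes are constructed. It shows that every build gets a unique SHA-256, so a blocklist seeded from one recovered sample catches exactly one build, while a fingerprint that ignores the varied region matches all of them.

```python
"""Added illustration (not code from the report or from the malware):
why per-build polymorphism defeats hash-based indicator matching.

Assumptions, none of which come from the page: the simulated build server
varies each payload only in a junk region between fixed markers, and the
functional body is identical across builds. All bytes below are constructed.
"""
import hashlib
import re

# Constructed stand-in for the unchanging functional part of a payload.
FUNCTIONAL_BODY = b"# constructed stand-in for the functional payload body\nmain()\n"
JUNK_START = b"<<JUNK:"
JUNK_END = b":JUNK>>"
JUNK_PATTERN = re.compile(re.escape(JUNK_START) + rb".*?" + re.escape(JUNK_END), re.S)


def polymorphic_build(seed: int, junk_len: int = 32) -> bytes:
    """Simulate one per-request build: same body, different junk region.

    A seeded SHA-256 stream stands in for randomness so runs are repeatable;
    a real generator would draw from a CSPRNG.
    """
    junk = hashlib.sha256(seed.to_bytes(8, "big")).digest()[:junk_len]
    return FUNCTIONAL_BODY + JUNK_START + junk.hex().encode() + JUNK_END + b"\n"


def file_hash(blob: bytes) -> str:
    """Whole-file SHA-256, the kind of value that ends up on an IOC list."""
    return hashlib.sha256(blob).hexdigest()


def structural_fingerprint(blob: bytes) -> str:
    """Hash of the payload with the varied region removed.

    Stands in for any detection that keys on what the build does rather than
    on its exact bytes (normalized-code hashing, YARA on the functional body,
    behavioural telemetry).
    """
    return hashlib.sha256(JUNK_PATTERN.sub(b"", blob)).hexdigest()


def simulate_detection(n_builds: int) -> dict:
    """Generate n builds, then compare a hash blocklist with a fingerprint match.

    The blocklist contains only the hash of the first build seen, mirroring
    an analyst who submits the one sample they recovered.
    """
    builds = [polymorphic_build(seed) for seed in range(n_builds)]
    blocklist = {file_hash(builds[0])}
    known_fingerprint = structural_fingerprint(builds[0])
    return {
        "unique_file_hashes": len({file_hash(b) for b in builds}),
        "unique_fingerprints": len({structural_fingerprint(b) for b in builds}),
        "blocklist_hits": sum(file_hash(b) in blocklist for b in builds),
        "fingerprint_hits": sum(structural_fingerprint(b) == known_fingerprint for b in builds),
    }


if __name__ == "__main__":
    print(simulate_detection(50))
```

The practical takeaway is the one the entry implies: file hashes from a single recovered Banana RAT build are useful for confirming that specific sample but not for blocking the next one the build server emits; detection has to rest on the parts that do not change between builds (the fileless PowerShell execution, the overlay and keylogging behaviour, the C2 pattern) rather than on exact bytes.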
How to uncover a Horabot campaign and detect this malware
This report details the discovery and analysis of a Horabot malware campaign targeting primarily Mexican users. The attack chain begins with a fake CAPTCHA page leading to multiple stages of obfuscated scripts, ultimately delivering an AutoIT loader and a Delphi-based banking Trojan. The malware employs encryption, anti-VM checks, and a custom protocol for C2 communication. It also includes a spreader component written in PowerShell that harvests and exfiltrates email addresses to distribute phishing emails. The analysis reveals Brazilian Portuguese comments in the code, suggesting the threat actor's origin. The report provides detection opportunities including YARA rules and hunting queries to identify this threat.
AlienVault OTX General | 03/18/2026, 11:15:06 UTC | Added: 03/18/2026, 16:42:29 UTC
Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp
The Water Saci campaign is a malware operation primarily targeting Brazilian banking and cryptocurrency platforms via WhatsApp. It employs multi-format malware delivery using various scripting languages, including a shift from PowerShell to Python, likely enhanced by AI tools to evade detection and complicate analysis. The malware features aggressive anti-sandbox techniques, extensive backdoor capabilities, and persistence mechanisms. Although currently focused on Brazil, the use of WhatsApp as a propagation vector and the targeting of financial applications pose a potential risk to European organizations with ties to Brazilian markets or users. The campaign's complexity and AI-enhanced development pipeline indicate a medium-severity threat with significant evasion and persistence capabilities. Defenders should prioritize monitoring WhatsApp-based phishing attempts, scrutinize multi-format file attachments, and implement behavioral detection to mitigate risks. Countries with strong economic or diaspora links to Brazil and high WhatsApp usage are more likely to be affected.
AlienVault OTX General | 12/02/2025, 14:44:59 UTC | Added: 12/03/2025, 17:44:04 UTC