Mexican users have been targeted with tax-themed phishing lures to distribute a previously undocumented Windows malware called TimbreStealer.
The phishing campaign uses sophisticated obfuscation techniques to sidestep detection and ensure persistence, and geofencing to target users in Mexico. It also leverages custom loaders and direct system calls to bypass conventional API monitoring.
TimbreStealer comes with several embedded modules for orchestration, decryption, and protection of the main binary, while also running a series of checks to determine if the machine has been previously infected.
The disclosure comes amid the emergence of another information stealer called Atomic (aka AMOS), which uses Python and AppleScript code.
New stealer families such as XSSLite have also appeared, while existing strains like Agent Tesla and Pony continue to be used.