Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware
Cybercriminals are leveraging the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware.
The attack likely begins with a spear-phishing email containing a zip archive named “US now deciding what’s next for Venezuela.zip”. Inside, victims find an executable file titled “Maduro to be taken to New York.exe” alongside a malicious dynamic-link library called “kugou.dll”.
The executable is a legitimate KuGou binary, but has been weaponized via DLL hijacking to load the malicious library, according to Darktrace security researchers.
After the system restarts, the malware initiates regular encrypted connections to a command-and-control server at 172.81.60[.]97 on port 443. These periodic connections enable the malware to receive instructions and configurations from the attackers.
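Defenders can hunt for the periodic check-ins described above by looking for host-to-destination pairs whose connection gaps are nearly constant. The Python below is an added example, not code from Darktrace or the article; the flow-log format, internal hosts, timestamps, 5-minute interval and thresholds are constructed assumptions, and only the 172.81.60.97:443 destination comes from the article.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow log: "timestamp src dst dst_port". Hosts, times and the
# 5-minute interval are assumptions; only 172.81.60.97:443 is from the article.
SAMPLE_FLOWS = """\
2026-01-12T09:00:02 10.0.0.15 172.81.60.97 443
2026-01-12T09:00:10 10.0.0.22 203.0.113.10 443
2026-01-12T09:00:45 10.0.0.22 203.0.113.10 443
2026-01-12T09:05:01 10.0.0.15 172.81.60.97 443
2026-01-12T09:07:30 10.0.0.22 203.0.113.10 443
2026-01-12T09:08:02 10.0.0.22 203.0.113.10 443
2026-01-12T09:10:03 10.0.0.15 172.81.60.97 443
2026-01-12T09:15:02 10.0.0.15 172.81.60.97 443
2026-01-12T09:20:01 10.0.0.15 172.81.60.97 443
2026-01-12T09:25:03 10.0.0.15 172.81.60.97 443
2026-01-12T09:31:15 10.0.0.22 203.0.113.10 443
2026-01-12T09:33:40 10.0.0.22 203.0.113.10 443
malformed line
"""

def parse_flows(text):
    """Group connection timestamps by (src, dst, dst_port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, port = parts
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(flows, min_events=5, max_cv=0.1):
    """Flag pairs whose gaps have a low coefficient of variation (stdev/mean)."""
    hits = []
    for key, times in flows.items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((key, round(avg)))
    return hits

if __name__ == "__main__":
    for (src, dst, port), period in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{src} -> {dst}:{port} every ~{period}s")
```

Malware that adds jitter to its check-in interval will raise the coefficient of variation, so `max_cv` needs tuning against real telemetry.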
To read the complete article, see: https://cybersecuritynews.com/phishing-campaign-uses-maduro-arrest-deliver-malware/