Chae$ 4.1, the latest variant in the Chae malware Infostealer series, has been documented by Morphisec Threat Labs in their investigation of emerging cyber threats. This new variant, an update to Chae$4, showcases improved mechanics, implications, and safeguarding measures.
The malware initially targeted login credentials, financial data, and sensitive information from e-commerce customers in Brazil. In version 4.1, Morphisec reveals enhancements, including an improved Chronod module and an intriguing direct message within the source code, representing a significant advancement over previous iterations.
The infection chain of Chae$ 4.1 begins with a deceptive Portuguese-language email, posing as an urgent request from a lawyer related to a legal case. Victims are then directed to a deceptive website, disguising itself as TotalAV, prompting them to download a ZIP file.
Another deceptive website claims to scan the machine for risks and updates the driver, with a script mimicking a legitimate system scan. Once activated, the installer triggers Chae$ 4.1, with advancements in the Chronod module intercepting user activity to steal specific credentials from services like WhatsApp, AWS, and WordPress.
Chae$ 4.1 introduces advanced code polymorphism to evade antivirus detection and identify sandbox environments, raising concerns about its potential impact. The malware, with its evolving tactics, emphasizes the importance of adopting robust security practices.
To mitigate risks, users are advised to regularly update their operating systems and software, employ layered security solutions with advanced malware detection, exercise caution when interacting with suspicious links or attachments, and regularly back up critical data. Staying informed about emerging cyber threats is crucial for effective cybersecurity.
