Malware campaign targets Spanish-speaking individuals

Image via Unsplash

A new malware campaign targets Spanish-speaking individuals within the mining sector. This campaign, discovered by Cofense Intelligence, is named Poco RAT and is a Remote Access Trojan. Based on the research, Poco RAT appears to utilize the POCO C++ Library to target Spanish-speaking individuals.

While the mining sector is the predominant target (67%) in this campaign, the campaign has also targeted manufacturing (20%), utilities (7%) and hospitality (6%).

This malware campaign was initially observed in early 2024 and was primarily delivered through embedded links to 7zip archives that contained executables housed in Google Drive. Emails in this campaign contained consistent features, including:

A financial theme in the subject line and body of the message
Spanish being the language in the subject line and body
The inclusion of a link to a 7zip archive housed in Google Drive or a delivered file with the link embedded

According to the research, this campaign is ongoing.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.