A new malware campaign targets Spanish-speaking individuals within the mining sector. This campaign, discovered by Cofense Intelligence, is named Poco RAT and is a Remote Access Trojan. Based on the research, Poco RAT appears to utilize the POCO C++ Library to target Spanish-speaking individuals.
While the mining sector is the predominant target (67%) in this campaign, the campaign has also targeted manufacturing (20%), utilities (7%) and hospitality (6%).
This malware campaign was initially observed in early 2024 and was primarily delivered through embedded links to 7zip archives that contained executables housed in Google Drive. Emails in this campaign contained consistent features, including:
- A financial theme in the subject line and body of the message
- Spanish being the language in the subject line and body
- The inclusion of a link to a 7zip archive housed in Google Drive or a delivered file with the link embedded
According to the research, this campaign is ongoing.