Chaes malware strikes customers of Latin America’s largest e-commerce platform


Previously unknown malware has been detected in widespread attacks against e-commerce customers in Latin America.

The malware, dubbed Chaes by Cybereason Nocturnus researchers, is being deployed by a threat actor across the LATAM region to steal financial information.

In a blog post on Wednesday, the cybersecurity team said Brazilian customers of the area's largest e-commerce company, MercadoLivre, are the focus of the infostealing malware.

Headquartered in Buenos Aires, Argentina, MercadoLivre operates both an online marketplace and auctions platform. In 2019, an estimated 320.6 million users were registered with the e-commerce giant.

First detected in late 2020 by Cybereason, Chaes is spread via phishing campaigns, in which emails claim that a MercadoLivre purchase has been successful. To try and increase the email's look of legitimacy, the threat actors also appended a "scanned by Avast" footnote.

The messages contain a malicious .docx file attachment. Assaf Dahan, Cybereason Head of Threat Research, told ZDNet the attachment leverages "a template injection technique, using Microsoft Word's built-in feature to fetch a payload from a remote server." [...]

Andy Ful

No problem if scripting is restricted/blocked: