According to data from Trustwave SpiderLabs, a recent phishing campaign targeted Latin America, infecting Windows systems with viruses through malicious emails.
The attack chain begins with phishing emails that carry an investment-themed ZIP file. Opening the archive launches an HTML file, which redirects the user to download a fake file disguised as an invoice. The sender’s email address is associated with the domain “Temporary [.] Link,” and RoundCube Webmail is identified as the mail agent.
One notable feature of the HTML file is a link that leads to a page claiming the user’s account has been suspended. This message is displayed when the connection does not come from Mexico. If the link is accessed from an IP address in Mexico, however, the page opens differently.
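For mail triage, the ZIP-to-HTML-to-redirect chain described above can be checked before a user opens the archive. The following is an added example, not code from the Trustwave report: the article does not say which redirect mechanism the HTML used, so the three patterns are assumptions covering common constructs, and the sample archive, file names and `example.invalid` URLs are constructed.

```python
import io
import re
import zipfile

# Assumed redirect constructs; the article does not name the one this campaign used.
REDIRECT_PATTERNS = {
    "meta-refresh": re.compile(
        r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[^>]*url\s*=\s*([^\"'>\s]+)", re.I),
    "js-location": re.compile(
        r"(?:window\.|document\.)?location(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']", re.I),
    "js-location-call": re.compile(
        r"location\.(?:replace|assign)\(\s*[\"']([^\"']+)[\"']", re.I),
}
MAX_MEMBER_BYTES = 1_000_000  # skip members whose declared size exceeds this

def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per redirect construct in the HTML members of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".html", ".htm")):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append({"member": info.filename, "kind": "oversized", "url": None})
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for kind, pattern in REDIRECT_PATTERNS.items():
                for m in pattern.finditer(text):
                    findings.append({"member": info.filename, "kind": kind, "url": m.group(1)})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: one HTML member with two redirects, one harmless text file."""
    html = (
        '<html><head><meta http-equiv="refresh" '
        'content="0; url=https://example.invalid/doc"></head>'
        '<body><script>window.location.href="https://example.invalid/alt";</script>'
        '</body></html>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.html", html)
        zf.writestr("readme.txt", "nothing here")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Because the landing page described above answers differently depending on the visitor's country, a fetch of an extracted URL from an analysis network may not show what a targeted recipient would see.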
The core concept of the attack involves presenting users with a problem that is easy for humans to solve but significantly challenging for computers. CAPTCHA, developed by Carnegie Mellon University, is one method used to distinguish human users from automated bots.