Dossier
Elastic Security Labs
Coverage of Elastic Security Labs in the Nexus archive.
- TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
A previously undocumented Brazilian banking trojan called TCLBANKER has been flagged, targeting 59 financial platforms via WhatsApp and Outlook worms. The malware is an update of the Maverick family and is being tracked by Elastic Security Labs under REF3076. It spreads using a worm called SORVEPOTEL.
- Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
A novel social engineering campaign is exploiting Obsidian, a note-taking app, to deliver PHANTOMPULSE RAT, a previously undocumented Windows remote access trojan targeting financial and cryptocurrency sector individuals. Elastic Security Labs has labeled the activity as REF6598, highlighting its use of Obsidian plugins as an initial access vector.