The malware is delivered by emails that contain ZIP attachments or links to ZIP files. The ZIP contains a VBScript that, when executed, downloads additional files from AWS S3, Google Drive or other cloud hosting services. The downloaded files are encrypted .exe and .dll files.
The malware targets banking clients in Portugal.
2021-07-19 ⋅ Palo Alto Networks Unit 42 ⋅ Evade Sandboxes With a Single Bit – the Trap Flag
2021-02-10 ⋅ Seguranca Informatica ⋅ Lampion trojan disseminated in Portugal using COVID-19 template
2020-07-06 ⋅ Seguranca Informatica ⋅ New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
2020-05-11 ⋅ Seguranca Informatica ⋅ Trojan Lampion is back after 3 months
2019-12-30 ⋅ Check Point ⋅ THREAT INTELLIGENCE REPORT
2019-12-26 ⋅ Seguranca Informatica ⋅ Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
There is no Yara-Signature yet.