Latin America (notably Brazil, Mexico, and Chile).
Inside the archive, there is typically a heavily obfuscated Windows Shortcut (.LNK) file or a loader (.EXE) disguised with a PDF or Excel icon.
LatinDogStyle.7z
It detects when the user navigates to a banking website and displays a fake, identical-looking pop-up window to steal passwords and 2FA codes.
Creates a Registry Run key or a Scheduled Task to ensure the malware starts every time the computer reboots.
Distributed via phishing (malspam) emails disguised as urgent invoices, tax documents, or legal notifications.
2. Infection Chain
The user receives an email with a link to download a "document." The link often points to legitimate cloud services like Dropbox, Google Drive, or Azure to avoid domain blacklisting.