Security researchers have uncovered a new trojan named Lampion. The trojan is distributed via phishing emails and targets Portuguese users.
How does it spread?
As reported by Segurança Informática-Lab (SI-Lab), the phishing email used to distribute the trojan appears to come from the Portuguese Government Finance & Tax. The email reports issues related to debt for the year 2018.
It asks recipients to click on a link within the email to avoid being misled by criminals. When the unsuspecting victim clicks the link in the email body, the malware is downloaded from an online server.
The downloaded file is a compressed Zip file called ‘FacturaNovembro-4492154-2019-10_8.zip’. When the user unpacks it, they see three files: a PDF, a VBS file, and a text file.
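A mail gateway or analyst can flag this archive layout (a script sitting beside decoy documents) before anyone opens it. The following is an added example, not code from SI-Lab or the original article; the extension lists, function names and sample member names are assumptions, since the article gives only the file types.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list: extensions that Windows Script Host runs on double-click.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Document types the article says accompany the script in the archive.
DECOY_EXTS = {".pdf", ".txt"}


def triage_zip(data: bytes) -> dict:
    """Classify ZIP members by extension without extracting them to disk."""
    result = {"scripts": [], "decoys": [], "verdict": "clean"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        result["verdict"] = "unreadable"
        return result
    for name in names:
        # Only the last suffix decides what Windows runs, so
        # "fatura.pdf.vbs" is still a script.
        ext = PurePosixPath(name).suffix.lower()
        if ext in SCRIPT_EXTS:
            result["scripts"].append(name)
        elif ext in DECOY_EXTS:
            result["decoys"].append(name)
    if result["scripts"]:
        result["verdict"] = "script-with-decoys" if result["decoys"] else "script"
    return result


def build_sample(names) -> bytes:
    """Build a constructed in-memory ZIP with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed member names; the article gives only the file types.
    sample = build_sample(["documento.pdf", "documento.vbs", "leia-me.txt"])
    print(triage_zip(sample))
```

The check reads only the archive's file listing, so nothing inside the attachment is written to disk or executed.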
What is the file about?
What is Lampion?
Some of the features observed in the captured Lampion samples include the following actions:
The Lampion trojan captures data belonging to both the users and the infected systems. The collected information includes system information pages, installed software, web browser history, clipboard, details of the file system, etc.
The trojan also allows hackers to access and manipulate the infected machines via a specially designed web interface.