Poco RAT Malware Targets Businesses

Poco RAT malware is being used to target Spanish-speaking businesses in Latin America. A hacker group, identified as Dark Caracal, has launched phishing attacks to infect organizations in Venezuela, Chile, Colombia, Ecuador, and the Dominican Republic.

A recent report highlights how the malware operates. Poco RAT can upload files, capture screenshots, execute commands, and manipulate system processes. Cybercriminals use phishing emails with invoice-themed attachments to lure victims into downloading the malware.

How the Attack Works

The infection starts with a phishing email. Victims receive an invoice-related document written in Spanish. When opened, the document directs them to a malicious link. This link downloads a .rev archive from cloud services like Google Drive or Dropbox.

The .rev format, originally meant for repairing corrupted files, helps malware evade detection. Inside the archive is a dropper, which installs Poco RAT and connects it to a remote server. This grants hackers full control over the infected device.
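As an added illustration of the delivery step just described (example code written for this page, not code from the original report or from the malware itself), the following Python script scans proxy-log lines and flags any download of a .rev archive, marking those served from the cloud-sharing hosts the article names as the higher-confidence match. The log format, the host list, the label names and the sample lines are all assumptions constructed for the example; adapt the regular expression to your proxy's real format.

```python
"""Detection example: flag proxy-log entries where a client downloads a .rev
archive from a cloud file-sharing host, the delivery step described above.

The log format, host list and sample lines below are constructed for this
example; adapt the parser to your proxy's real format.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Hosts the article names as the download source (assumption: matching these
# domains and their subdomains is sufficient for your environment).
CLOUD_SHARE_HOSTS = ("drive.google.com", "dropbox.com")

# Constructed format: "<ts> <client_ip> <method> <url> <status> <served_filename>"
# where <served_filename> comes from Content-Disposition, or "-" if absent.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<filename>\S+)$"
)


def is_cloud_share_host(host: str) -> bool:
    """True if host is one of the sharing domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in CLOUD_SHARE_HOSTS)


def is_rev_archive(name: str) -> bool:
    """Case-insensitive check for the .rev extension, ignoring any URL query."""
    return name.split("?", 1)[0].lower().endswith(".rev")


def classify(entry: dict) -> Optional[str]:
    """Return an alert label for one parsed entry, or None if it is benign.

    'rev_from_cloud_share' matches the chain on the page (a .rev archive served
    by a cloud-sharing host); 'rev_download' is any other .rev download, still
    worth a look because the extension is rarely seen in normal business traffic.
    """
    parsed = urlparse(entry["url"])
    served = entry["filename"]
    # The served file name is authoritative when the proxy recorded one;
    # otherwise fall back to the last path segment of the URL.
    name = served if served != "-" else parsed.path.rsplit("/", 1)[-1]
    if not is_rev_archive(name):
        return None
    if is_cloud_share_host(parsed.hostname or ""):
        return "rev_from_cloud_share"
    return "rev_download"


def scan_proxy_log(lines):
    """Parse each line and return (client, url, label) for every alert."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        label = classify(m.groupdict())
        if label:
            alerts.append((m["client"], m["url"], label))
    return alerts


# Constructed sample lines (not real traffic; IDs and hosts are placeholders).
SAMPLE_LOG = [
    "2025-03-10T09:12:44Z 10.0.4.17 GET https://drive.google.com/uc?export=download&id=EXAMPLEID 200 Factura_0312.rev",
    "2025-03-10T09:13:02Z 10.0.4.17 GET https://www.dropbox.com/s/EXAMPLE/Factura_0312.REV?dl=1 200 -",
    "2025-03-10T09:14:10Z 10.0.4.22 GET https://intranet.example.local/reports/q1.pdf 200 q1.pdf",
    "2025-03-10T09:15:33Z 10.0.4.31 GET https://files.example.net/backup/vol03.rev 200 vol03.rev",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, url, label in scan_proxy_log(SAMPLE_LOG):
        print(f"{label:22} {client:12} {url}")
```

The two-tier labelling is deliberate: a .rev archive pulled from a public sharing service reproduces the delivery chain on this page and deserves an immediate look at the client, while a .rev download from anywhere else is a lower-priority signal that still merits review because the format has almost no legitimate use in a typical office network. Matching on the served file name before the URL path avoids missing cases where the download link itself carries no extension.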

Poco RAT’s Capabilities

Poco RAT allows attackers to collect system data and monitor user activity. It can:

  • Steal information from compromised systems.
  • Download and execute malicious files.
  • Capture screenshots and track active windows.
  • Run commands remotely and send results to hackers.

The malware lacks built-in persistence. However, once active, hackers issue commands to maintain control or install additional threats.

Preventing Poco RAT Infections

To protect against Poco RAT, businesses must improve email security. Employees should avoid clicking unknown links or downloading suspicious attachments. Strong cybersecurity measures, such as multi-factor authentication and endpoint protection, can help prevent malware infections. Regular security training also reduces the risk of phishing attacks.

Sleep well, we got you covered.