IBM X-Force researchers Andre Piva and Ofir Ozer found a new campaign of malware that we previously discovered and named CamuBots The first time CamuBot emerged was in August 2018 in Brazil, its operators targeted business accounts of some of the major banks in Brazil. After that initial campaign in 2018, the malware went into a dormant period of inactivity for an entire year. The attack kill chain features the following top-level TTPs: The adversary gathers intelligence on the potential target. They look up open-source information and make several phone calls to people in the organization to map out the hierarchy and get familiar with the more collaborative parties. The attacker grooms the potential contact”]