Cisco Talos identified two ongoing malware distribution campaigns being used to infect victims with banking trojans. These campaigns used different file types for the initial download and infection process. Both campaigns used the same naming convention for various files used during the infection process and featured the abuse of link-shortening services to obscure the actual distribution servers used. The use of link shorteners also allows some additional flexibility, which could enable the attacker to shift where they are hosting malicious files, while also enabling them to leverage these legitimate services in email-based campaigns.
Source: https://blog.talosintelligence.com/2018/11/metamorfo-brazilian-campaigns.html

