The new release of the Latin American Lampion trojan was updated with a new C2 address. The Lampion trojan was disseminated in Portugal using a COVID-19 template.
A new release of the Lampion trojan spreads in Portugal with some improvements to the VBS downloader.
The Lampion trojan is back after 3 months. The malware was observed in recent days with a new obfuscation layer and a new C2, distributed inside an MSI file.
Three months after the first detection, the origin of Lampion was identified. A web server named “portaldasfinancas” is available in Turkey and has been used to spread the threat in Portugal.
The infamous Lampion malware has been known since December 2019 for targeting Portuguese organizations and is now equipped with a new obfuscation layer.
Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax.