Cybercrime, the new Chae$4 targets customers of financial and logistics companies

The new Chae$4 targets customers of finance and logistics companies. Morphisec cybersecurity researchers: Malware, completely written in Python, has been implemented throughout

Chae$4 is a new variant of the malware of the same name, written in Python, which targets customers of financial and logistics companies. It was discovered by Morphisec cybersecurity researchers. The payload also features, among other things, an improved communication protocol, a suite of malicious modules, additional layers of encryption and greater obfuscation capabilities.

The infection starts with the execution of a malicious MSI installer, which goes almost unnoticed. It usually poses as a JAVA JDE installer or an Anti-Virus software installer. The files the malware requires are downloaded into a dedicated, encrypted folder, which contains Python libraries and executables with different names, encrypted files and Python scripts that are used later. Next, Chae$4 unpacks its main module, and finally it communicates with the C2 to download external modules to the infected system.

