Distributed via phishing (malspam) emails disguised as urgent invoices, tax documents, or legal notifications.
2. Infection Chain
Once the payload is active, the malware (often a variant of the family) performs the following:
Collects OS version, installed antivirus software, and user privileges.
It detects when the user navigates to a banking website and displays a fake, identical-looking pop-up window to steal passwords and 2FA codes.
Latin America (notably Brazil, Mexico, and Chile).
The downloaded file is LatinDogStyle.7z. Attackers use .7z or .rar formats because basic email gateways scan them less frequently than .zip files.
The user receives an email with a link to download a "document." The link often points to legitimate cloud services like Dropbox, Google Drive, or Azure to avoid domain blacklisting.
The "LatinDogStyle" archive typically follows a multi-stage execution flow designed to bypass traditional antivirus signatures: