Spam emails that simulate being sent by a well-known Peruvian newspaper are circulating, the hook to deceive users is a supposed video related to a news story that is giving a lot to talk about in the Andean country. Clicking on the links starts the download of a Trojan Rosario_Video.exe which for now is not detected by any antivirus (VT 0/34):
The file is hosted on a compromised site that allows its directories to be listed, the following screenshot shows the files created by the attacker:
You can see the .exe dated yesterday, another file that is used to perform a redirect and a .txt that works as a counter, to this day it seems that the Trojan has been downloaded more than 6,500 thousand times.
As usual, common sense and careful with the links received!
Thank you Milagros for sending it.
Update: same Trojan with Markarin.
For now only the antivirus signatures detect the Trojan (VT 1/42), attackers are using it with other fake news variants. In the following screenshot you can see the same kit, but now the supposed video is called markarian.exe, hinting at the technical director of the Peruvian soccer team:
The cn.txt file works as a simple download counter, for now there are more than 1,600: