Trojan Masked Free AV Software Targets 23 Brazilian Banks
A banking Trojan spreading under the guise of Avast's well-known free anti-virus (AV) software is currently targeting the customers of 23 financial institutions and five e-commerce systems in Brazil, security experts disclosed, as published by net-security.org in the first week of March 2013.
The malware developers chose to disguise it as Avast AV because that product is the best known in Brazil, and because people in Latin America are still reluctant to pay when something is available for free, they added.
The malware is delivered by email and imitates the system tray icon of the genuine software. Users who click the icon are shown a pop-up message reading "Your Avast! Antivirus is being updated, wait" or "Avast! Antivirus: Attention, your system is saved."
The Trojan is written in Delphi and is small in size, about 386 KB, but it still carries out malicious actions, such as trying to remove legitimate AV software from the infected computer before installing itself. Among the targeted products are those from Microsoft, Kaspersky, Panda, McAfee, Symantec, Avast, and many more.
Although the malware is not very sophisticated, it is effective enough and is making money for the cybercrooks who run it, as observed by security researchers.
One of the most interesting aspects of this piece of malware is that its components are signed with genuine digital certificates.
Unlike other threats, which are signed with stolen or forged certificates, the authors of this banking Trojan set up new companies and, in their name, applied for digital certificates from COMODO and Digicert.
The companies to which the certificates were issued are registered with counterfeit details, so the crooks cannot be traced. To make the signatures look more genuine, they use company names similar to those of vendors that make bank security software.
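Because the certificates themselves are validly issued, signature status alone will not flag these binaries; what a defender can check is who the signer is. The script below is an added example, not from the article or from any vendor, that lists Authenticode signers for executables under a directory and reports signer names that are close to, but not exactly, a known security-vendor name. The vendor allowlist, the scan root and the edit-distance threshold are assumptions chosen for illustration.

```powershell
# Added example: flag validly signed binaries whose signer name merely
# resembles a known security vendor. Vendor list, scan root and threshold
# are assumptions, not values from the article.
param(
    [string]$Path = "$env:ProgramFiles",   # assumed scan root
    [int]$MaxDistance = 2                  # edit distance treated as "lookalike"
)

# Assumed allowlist of organisation names as they appear in the signer CN.
$KnownVendors = @(
    'AVAST Software s.r.o.', 'Kaspersky Lab', 'McAfee, Inc.',
    'Symantec Corporation', 'Panda Security'
)

# Plain Levenshtein distance, case-insensitive.
function Get-EditDistance {
    param([string]$a, [string]$b)
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = 0..$b.Length
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i)
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur += [Math]::Min([Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    # Unsigned or broken signatures are a separate finding; this check is
    # only about signatures that verify correctly.
    if ($sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) { return }

    # SimpleName yields the CN of the signing certificate.
    $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    if ($KnownVendors -contains $signer) { return }   # exact match: expected vendor

    foreach ($vendor in $KnownVendors) {
        $d = Get-EditDistance $signer $vendor
        if ($d -le $MaxDistance) {
            [pscustomobject]@{
                File       = $_.FullName
                Signer     = $signer
                Resembles  = $vendor
                Distance   = $d
                Issuer     = $sig.SignerCertificate.Issuer
                Thumbprint = $sig.SignerCertificate.Thumbprint
            }
        }
    }
}
```

Run it as `.\Find-LookalikeSigner.ps1 -Path 'C:\Users\Public\Downloads'` (file name assumed). A hit is a lead, not a verdict: the issuer and thumbprint in the output are what you would compare against the vendor's published signing certificate before deciding the binary is a fraud.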
Early versions of the malware, first identified at the beginning of 2012, had only one module and targeted just a small number of banks. They were not signed with digital certificates and could be easily reverse-engineered. The recent version, however, is more intricate: it includes HTTPS/SSL support, an anti-debug mechanism, and encryption of its downloads.
Related article: Trojans Attack For Ransom
» SPAMfighter News - 28-03-2013