Brazil Becomes a Hotbed for Banking Trojans - says ESET

Brazil is amongst the most thickly populated countries of the world and it also consists the maximum percentage of net users doing online banking. Over half of its populace use it and consequently, banking Trojans have become leading threat to cybersecurity in this Latin American powerhouse. ESET, a security firm, recently released a Whitepaper saying that banking Trojans are not being checked in this country in a homebased malware phenomenon which is specific to the region.

ESET detected control panel application (CPL) malware streaming at a growing rate via its Latin American lab out of which 90% arrives from Brazil.

CPL files, a kind of library files, activate code execution enclosed in the file automatically once it is clicked. If the code is a maligned, the user will be infected in due course of time. It is a very particular type of code approach which is not common at all in the larger perspective of malware scenario.

ESET observed these CPL files of malware and found that 82% of these deliver some different family of Win32/TrojanDownloader.Banload; whose main purpose is downloading and then installation of data embezzling banking Trojans.

Cybercriminals send fake emails to spread the malware, tricking victims to execute the tarnished CPL files so as to get infected. Therefore, they use methods related to social engineering to mislead users into believing that the CPL file enclosed in the message is a document having valuable information.

Bait messages which are used mostly include: a document with a quotation, invoice or receipt, a document containing details about a debt or a banking situation, digital payment tools used in Brazil like Boleto Bancario or the Nota Fiscal Electronica, files posing as pictures, videos or other type of media files.

ESET analyzed samples and found that almost all of them were written in Delphi excepting few which were developed in languages like Microsoft Visual C.

Within Q1-2015, 3 out of every 10 samples sent by users to ESET were found to be CPL files with Brazil unreasonably affected: ESET says that they have discovered that 76% of their detections originated from the country.

» SPAMfighter News - 6/1/2015