A new banking malware affects many Brazilians

Researchers are saying that two active malware distribution campaigns are delivering high threat banking Trojans to customers of Brazilian financial institutions. The same researchers also identified a spam botnet that is used for delivering the malicious emails as part of the campaigns.

Each campaign used two separate infection processes between late October and early November. Researchers found that the campaigns use different file types for the download and infection processes, the only similarities between those two are that both targeted Brazilian firms and eventually both deliver banking Trojans. The first trojan collects information on the target machine, exfiltrates it to a C2 server, and also includes a keylogger. The second has the same features but is implemented differently; it is designed to primarily target two-factor authentication by showing users fake pop-ups.

The main actor is believed to be located in South America because there would be the easiest to use victims’ credentials to carry out fraud.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Besides the main campaign components and additional tool and malware was found: – a remote administration tool with the ability to create emails which are hosted in an Amazon S3 bucket.
The emails from both campaigns are created on the BOL Online email platform, which made researchers believe that the main actor’s primary goal is to create a botnet of systems specifically designed for email creation.

The preliminary report shows that:
– during the investigation, more than 700 compromised systems were found on the servers that are members of the botnet.
– the botnet created more than 4,000 unique emails using the BOL Online service; some of them were used to launch the spam campaigns they analyzed.

Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.