Brazilian cyber crooks are (in)famous for their predilection for banking malware, and they use every trick in the book to deliver it to potential victims.
A recent email malware delivery campaign took the form of a spoofed message alerting users that popular messaging app Whatsapp is now available for PCs, and that they should download it as there are already 11 users who are waiting for them to accept their invitation.
As can be expected, clicking on the download link takes the user through several redirections and, finally, makes them download the software.
Unfortunately, it is not the wanted app, but a downloader Trojan that sports good anti-debugging features.
It is this malware that finally downloads the banking Trojan, which still has an abysmal AV detection rate.
“Once running, the malware reports itself to the cybercriminals’ infections statistics console and when open, a local port 1157 sends stolen information in the Oracle DB format. In addition, it downloads new malware into the system; some samples are 10Mb in size,” explains Kaspersky Lab expert Dmitry Bestuzhev. “This is the classic style of a Brazilian-created malware.”