Spy Banker spreading through Brazil via malicious links posted on social networks.
The Spy Banker Trojan is spreading through Brazil through the help of Google and Facebook, according to researchers at ZScaler ThreatLabZ.
Attackers host the Spy Banker downloader on Google Cloud servers. The downloader, in turn, installs the payload Spy Banker Trojan Telax.
Victims are infected by drive-by download or led to it via links (shortened with the bit.ly URL shortener) posted on social networking sites -- 99 percent of the unsuspecting victims who clicked the link came through Facebook. The links claim to be for coupons or free software, including security software like Avast! anti-virus.
The Trojan has some stealthy capabilities. To stay out of the hands of security pros, one of the first things it does is check a machine for the presence of a virtual environment. It collects information about the anti-virus software running on the host machine and sends it back to the command-and-control server. It also contains both a 32-bit rookit and 64-bit rookit component.
This is not the first time Google is being used by attackers. In July, researchers discovered a phishing campaign that hosted malicious sites on Google Drive, and lured via phishing messages sent through Gmail.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024