Fake WhatsApp email infects computers with banking viruses
2021-10-05
ESET, a company specializing in threat detection, is issuing an alert about a fake email that tries to make victims believe it is an official WhatsApp communication but whose objective is to distribute the banking Trojan Grandoreiro.
Trojan-type viruses require actions from their victims to install themselves on machines, such as executing a file received by email. These scams also rely on social engineering techniques, such as phishing, to trick users.
According to ESET’s warning, the message invites recipients to download a backup copy of WhatsApp conversations and call history. The email carries an attachment named “Open_Document_513069.html”; when it is opened, the user is redirected to a website from which a .zip file is downloaded.
The .zip file, when opened, runs an MSI installer that is responsible for downloading Grandoreiro, infecting the victim’s machine.
According to data from the analysis carried out by ESET, infections by the banking Trojan variant found in the fake WhatsApp email are on the rise mainly in Spain, Mexico and Brazil.
The head of the ESET Security Laboratory, Camilo Gutiérrez Amaya, points out, however, that finding the same Trojan variant in different countries does not mean that the same distribution campaign is being used in them, although the possibility cannot be ruled out. Amaya also highlights that, because of this uncertainty, it is important that companies and users are informed about active malware campaigns.
ESET’s report does not rule out that there are emails in circulation with different subjects, citing as an example cases in which Grandoreiro was distributed in messages themed around the COVID-19 pandemic, in mid 40.
The Grandoreiro Trojan
Grandoreiro, according to an analysis published by ESET, is a banking trojan written in the Delphi programming language and, during 513106, found mainly in Brazil, Spain, Mexico and Peru. After infecting the victim’s computer, Grandoreiro’s main objective is to steal bank credentials through fake pop-ups that make the victim believe they are on the bank’s official website, which constitutes a phishing scam.
In addition, like other banking Trojans active in Latin America, Grandoreiro has backdoor functionality, that is, access to the infected system and remote control of the machine, which allows the criminal to perform other malicious actions on the compromised computer, for example:
- Keystroke logging (keylogging);
- Simulating mouse and keyboard actions, making the computer click on things the user did not intend;
- Logging the victim out;
- Blocking access to certain websites;
- Or even restarting the computer.
Grandoreiro is detected by the main antivirus solutions on the market, such as Windows Defender, Kaspersky programs, Avast, AVG and ESET. If you receive a suspicious email, avoid downloading the attachments it carries and, for safety, run a threat scan on your machine with your protection software.
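For mail administrators triaging reports of this lure, the check below (an added example, not code from ESET or from this article) parses a message and flags HTML attachments that redirect the browser as soon as they are opened, listing the destination so it can be blocked or analysed. The sample message, the example.test hosts and the two redirect patterns it looks for (meta refresh and a script assignment to location) are assumptions; the article does not say how the attachment performs the redirect.

```python
import re
from email import message_from_string, policy

# Constructed sample (not from the real campaign); example.test is a placeholder.
SAMPLE_EML = """\
From: "Backup" <noreply@example.test>
Subject: Your chat backup
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached document to download your backup.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Open_Document.html"

<html><head><meta http-equiv="refresh" content="0; url=https://files.example.test/get"></head>
<body><script>window.location.href = "https://files.example.test/get";</script></body></html>
--b1--
"""

# Assumed redirect mechanisms; the article does not say which one the lure uses.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*?url\s*=\s*([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def find_redirects(html):
    """Return the distinct URLs an HTML document navigates to automatically."""
    return sorted(set(META_REFRESH.findall(html) + JS_LOCATION.findall(html)))

def triage(raw_message):
    """List HTML attachments that redirect on open, with their destinations."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        redirects = find_redirects(body)
        if redirects:
            findings.append({"attachment": name, "redirects": redirects})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

A hit is a reason to quarantine and review the message, not proof of Grandoreiro; legitimate HTML attachments occasionally redirect too.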