January 22, 2014
The malware, of Brazilian origin, has the ability to steal money from victims in that country as well as from others in the region
Kaspersky Lab experts have detected a spam campaign in which cybercriminals use social engineering to get users to click on a malicious link that falsely announces the arrival of the WhatsApp service for PCs. The campaign is spread via email and aims to download a banking Trojan onto its victims’ computers to steal sensitive information from them and, ultimately, their money.
The spam message, written in Portuguese, tells its victim that WhatsApp for PC is now available and that the recipient already has pending invitations from their friends in their account. The moment the victim clicks the link, they are directed to a server in Turkey and then redirected to the cloud-based Hightail service to download the initial Trojan. As soon as the initial Trojan is activated, it downloads a banking Trojan to the victim’s computer.
“The malware comes from a server in Brazil and has the ability to steal money from victims in that country as well as others in the region. The banking Trojan installs as an mp3 file icon, which is familiar to most users, which increases the likelihood that they will click on it, especially seeing that it is a file of only 2.5Mb,” commented Dmitry Bestuzhev, Director of the Research and Analysis Team for Kaspersky Lab Latin America.
As soon as the Trojan is operational, it is reported to the cybercriminals’ infection statistics console and when it is opened, the local portal 1157 sends stolen information in Oracle database format. As if this weren’t enough, the portal also installs new malware onto its victims’ systems.
Only 3 out of 49 antivirus products detect it. Kaspersky Anti-Virus detects all the mentioned examples heuristically.
Kaspersky Lab advises users of WhatsApp or any other instant messaging program to exercise caution. Even if the message comes from known people, it is possible that the computer has been infected and is controlled by cybercriminals. Users are also encouraged to do the following to ensure their computers remain safe:
- Install a security solution and keep it up to date
- Keep the operating system up to date
- Update all third-party apps
- Use a secure browser to access the Internet
- Use strong passwords that contain letters, numbers and symbols (? # ! . etc.) and that are different for each website or resource
- Use common sense