Cybercriminals are trying to trick users from Brazil into installing a piece of malware with the aid of malicious emails that promise a PC version of WhatsApp.
According to Kaspersky experts, when they click the links from these emails, users are taken to a compromised server in Turkey, which is set up to redirect them to a Hightail (Yousendit) account from which a Trojan is downloaded.
Once it finds itself on a computer, the threat downloads a banking Trojan from a server located in Brazil. Around two hours ago, only 9 of the 50 antivirus engines on VirusTotal detected the malware that’s designed to steal sensitive information from infected devices.
To avoid raising too much suspicion, the Trojan has an icon that makes it look like a harmless mp3 file.
The threat is developed in Delphi XE5 and it comes with some anti-debugging features that make it difficult to analyze.