Banking Trojan Distributed with Fake “WhatsApp for PC” Emails

Fake WhatsApp emails used to distribute malware

Cybercriminals are trying to trick users in Brazil into installing a piece of malware by sending malicious emails that promise a PC version of WhatsApp.

According to Kaspersky experts, users who click the links in these emails are taken to a compromised server in Turkey, which is set up to redirect them to a Hightail (Yousendit) account from which a Trojan is downloaded.

Once on a computer, the threat downloads a banking Trojan from a server located in Brazil. Around two hours ago, only 9 of the 50 antivirus engines on VirusTotal detected the malware, which is designed to steal sensitive information from infected devices.

To avoid raising too much suspicion, the Trojan has an icon that makes it look like a harmless mp3 file.

The threat was developed in Delphi XE5 and comes with some anti-debugging features that make it difficult to analyze.

