Banking Trojan Distributed with Fake “WhatsApp for PC” Emails


Fake WhatsApp emails used to distribute malware

Cybercriminals are trying to trick users from Brazil into installing a piece of malware with the aid of malicious emails that promise a PC version of WhatsApp.

According to Kaspersky experts, users who click the links in these emails are taken to a compromised server in Turkey, which is set up to redirect them to a Hightail (Yousendit) account from which a Trojan is downloaded.

Once on a computer, the threat downloads a banking Trojan from a server located in Brazil. Around two hours ago, only 9 of the 50 antivirus engines on VirusTotal detected the malware, which is designed to steal sensitive information from infected devices.

To avoid raising too much suspicion, the Trojan has an icon that makes it look like a harmless mp3 file.

The threat is developed in Delphi XE5 and it comes with some anti-debugging features that make it difficult to analyze.
