Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Brazilian banking threatened by a malware embedded inside RTF file

The clients of the Brazilian financial institutions have been hit by a banking trojan embedded in RTF file and spread through a spam campaign. The banking is one of the most targeted sector by cybercrime that exploit always new vector to infect a customer’s machine of the clients of banks. I decided to write this […]

Brazilian banking threatened by a malware embedded inside RTF file

The clients of the Brazilian financial institutions have been hit by a banking trojan embedded in RTF file and spread through a spam campaign.

The banking is one of the most targeted sector by cybercrime that exploit always new vector to infect a customer’s machine of the clients of banks.

I decided to write this post to alert banks’ customers and to avoid large scale infection, the malicious campaign is started in Brazil where many clients of financial institutions have received via mail an .rtf file that hide an ugly surprise.

Kaspersky security experts have spotted a spam mail campaign against the customers of Brazilian banks characterized by an interesting trick to infect recipients.

Almost every malicious spam campaign that targeted in the past banking institutions carried executable file masquerades as a pdf file or exploited known vulnerabilities in the browser with specifically crafted file.

The campaign that targeted Brazilian users carries “Comprovante_Internet_Banking.rtf”(“Receipt from Internet Banking.rtf) file as attachment, when the victim opens the RTF file, the document shows an image thumbnail with a message

“Click to see in a larger size”.

Clicking an image thumbnail in a rtf file user will be presented with a message saying a CPL file is about to be executed, in reality it is the malware Trojan.Win32.ChePro detected by the Kaspersky experts.

Brazilian banking malware embedded rtf

The banking malware that hit Brazilian banks seems to have Indian origin, the choice of .RTF file format as the attack is not casual, it allows to embed a file objects, including executable file. The cybercriminals behind the spam campaign against Brazilian banking have exploited this feature to embed the malware file in the document.Why Brazil?

Brazil is the biggest country in Latin America with a population of approximately 200 million people and a high Internet penetration, Mobile penetration is upward of 132% (2012) and still growing by about 7% annually.

“Brazil’s highly stratified social structure often means that those on a low income are drawn into illegal activity, including writing malicious programs designed to steal data belonging to bank customers. The fact that online banking systems are widely used in Brazil makes this type of criminal activity all the more attractive. Additionally, the country does not have legislation which effectively combats cybercrime.

Between them, Brazil’s biggest banks have millions of online banking customers. For instance, Banco do Brasil has 7.9 million online customers, Bradesco has 6.9 million, Itaú has 4.2 million and Caixa has 3.69 million. These numbers are high enough to motivate the criminals: even if the percentage of successful attacks is small, the profits can still be impressive.” stated an old, but actually, report of Kaspersky.

Banking users … You are advised!

Pierluigi Paganini

(Security Affairs – Banking, malware)