News | 11/30/2018

Remote Access Brazilian Trojans are Increasing Rapidly



Brazil Made Bank Trojans Are Increasing

When it comes to banking trojans, Brazil is not only a leading manufacturer, but its residents also bear the brunt of trojan attacks. However, according to cybersecurity reports, trojans made in Brazil are usually found attacking many South American countries.

Gradually the trojans started spreading worldwide. Trojans from Brazil are being used against many banks in more than 60 countries.

But despite the widespread use of the attack methodology, the trojan has always been tagged and tracked under several names, such as Banload, Banbra, Delf, Bancos, Boleto, Spy.Banker, etc.

Remote Access Brazilian Trojan Attacks

The malware named RAT was created in 2015 by a Brazilian. Cyber investigators found several strings of code in Portuguese; however, the author denies using his creation in an illegal fashion.

Even though the trojan's code has fully functional remote access capabilities, it does not seem to contain capabilities related to financial malware.



Unlike other Brazilian financial malware, there is no anti-analysis code to detect virtual machines or security products. These features are likely added by different malware authors who use and repurpose the open-source RAT code.

The trojan's multi-stage attacks start with a phishing email that sets up the initial infection; the email's body contains an attachment or a link pointing to a hosting website. The attackers are deliberately selective and use well-known sites like AWS, Dropbox or Pastebin.

This makes the link appear safe to both the victim and any security software such as antivirus or antimalware.


Attack Flow of Brazilian Malware

The majority of Brazilian malware infects a system via malicious email and phishing. For example, MnuBot has two base components and uses a two-stage attack flow.

In the first stage, MnuBot injects a Desk.txt file into the AppData Roaming folder. It then places data from applications onto other applications on the computer. Additionally, it continually checks for a window name that is similar to bank names.


Once it discovers a bank, it queries the server for the second stage. The downloaded executable (C:\Users\Public\Neon.exe) attacks by giving the attacker full control over the victim's computer.

This executable then provides abilities such as keylogging, taking screenshots, restarting and freezing the victim's machine, and creating a form that overlays the bank's form in order to steal users' banking information, passwords and login IDs.
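The two file artifacts named above can be turned into a host triage check. This is an added example, not code from the original article or from any vendor; the event tuples, host names and verdict labels are constructed for illustration, and only the Desk.txt location and the C:\Users\Public\Neon.exe path come from the text.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample file-creation events (host, ISO time, path); not real telemetry.
EVENTS = [
    ("WS-01", "2018-11-30T09:00:05", r"C:\Users\ana\AppData\Roaming\Desk.txt"),
    ("WS-01", "2018-11-30T09:14:41", r"c:\users\public\NEON.EXE"),
    ("WS-02", "2018-11-30T10:02:00", r"C:\Users\bob\Documents\Desk.txt"),
    ("WS-03", "2018-11-30T11:30:00", r"C:\Users\Public\Neon.exe"),
    ("WS-04", "2018-11-30T12:00:00", r"C:\Users\eva\AppData\Roaming\desk.txt"),
]

# Stage 1: Desk.txt directly inside any user's AppData\Roaming folder.
STAGE1 = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\desk\.txt$")
STAGE2 = r"c:\users\public\neon.exe"  # stage-2 executable path quoted in the article

def classify(path):
    """Return 1 or 2 for a stage artifact, else None (Windows paths are case-insensitive)."""
    p = path.strip().replace("/", "\\").lower()
    if STAGE1.match(p):
        return 1
    if p == STAGE2:
        return 2
    return None

def triage(events):
    """Group artifact hits per host and grade them by how much of the flow was seen."""
    seen = defaultdict(dict)  # host -> {stage: earliest timestamp}
    for host, ts, path in events:
        stage = classify(path)
        if stage is None:
            continue
        t = datetime.fromisoformat(ts)
        if stage not in seen[host] or t < seen[host][stage]:
            seen[host][stage] = t
    verdicts = {}
    for host, stages in seen.items():
        if 1 in stages and 2 in stages and stages[1] <= stages[2]:
            verdicts[host] = "full-chain"   # marker file, then the stage-2 executable
        elif 2 in stages:
            verdicts[host] = "stage2-only"  # executable without an earlier stage-1 marker
        else:
            verdicts[host] = "stage1-only"  # marker only; second stage not yet fetched
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(EVENTS).items()):
        print(host, verdict)
```
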


How The Trojan Runs Its Course

  • Use social engineering as an entry point into the computer.
  • Cause multiple redirections via URL shorteners while using Dynamic DNS services.
  • Host payloads on legitimate online storage services and CDNs (content delivery networks).
  • Use obfuscated PowerShell downloaders that employ command-line logging evasion.
  • Use living-off-the-land techniques to abuse Microsoft-signed binaries.
  • Also abuse trusted applications via DLL hijacking.
  • Split the main payload into more than two components.
  • The malware is relatively flexible code that is changed as needed and spread outside of Brazil to target banks located in different countries.

Our research shows how Brazilian-made malware, designed initially to target Brazilian banking users, repurposes itself to target other countries and their regional banks.

We have observed more than 60 banks that were affected by Brazilian banking trojans. To protect your computer from the impact and infection of banking trojans, we recommend that you use Malware Crusher.



Tips to Prevent Viruses and Malware from Infecting Your System:
  1. Enable your popup blocker: Pop-ups and ads on websites are the tactic most commonly adopted by cybercriminals or developers with the core intention of spreading malicious programs.
    So avoid clicking on uncertain sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
  2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
  3. Third-party installation: Try to avoid freeware download websites, as they usually install bundled software with any installer or stub file.
  4. Regular backup: Regular and periodic backups help you keep your data safe in case the system is infected by any kind of virus or other infection. Thus always back up important files regularly to a cloud drive or an external hard drive.
  5. Always have an antivirus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.
