ESET researchers noticed a huge outbreak of a new Spy.Banker variant, detected as Spy.Banker.ADEA. Nemucod has in the past been one of the most detected types of malware in Ireland.
On the morning of Friday, August 12th, at around 12pm CET, this new variant was spotted in Brazil. Similar to previous ones used by other banking trojans in South America, during execution the malware checks whether the system's settings are in Portuguese and proceeds with the injection of the banker's payload.
The banking trojan spreads along with two modified versions of a popular utility software, which are used to extract usernames and passwords from browsers (Chrome, Firefox, Internet Explorer, and Opera), as well as credentials for local email clients like Outlook. For that, it uses emails with attached files that contain a variant of JS/Danger.ScriptAttachment, whose purpose is to download and execute other malware in the system.
JS/Danger.ScriptAttachment is the signature under which ESET detects some variants of the popular trojan downloader Nemucod. Trojan downloaders are used to spread several types of malware, including ransomware and now, on a massive scale in Brazil, banking trojans; they are also used for fraud.
Nemucod was particularly related to ransomware propagation, although we recently detected its use serving an ad-clicking backdoor.
Among the top threats in Brazil during July, trojan downloaders came in first place. As for Spy.Banker.ADEA, the banker downloaded by Nemucod, Brazil stands as the main target, but as with all malware, it is only a matter of time before it is spotted globally.
How to protect yourself?
As we explained in previous articles about this threat, staying safe has a lot to do with identifying and blocking file extensions, so emails with *.EXE, *.BAT, *.CMD, *.SCR, and *.JS attachments should be blocked. We also advise setting the system to show full extensions, to avoid dual extension spoofing cases, and, naturally, using a reliable security solution.
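The extension check described above can be sketched as a small mail-filter routine. This is an added example, not ESET's code: the function names, the double-extension heuristic and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article says to block on inbound mail.
BLOCKED = {".exe", ".bat", ".cmd", ".scr", ".js"}

def classify(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows drops trailing dots and spaces, so "a.js. " still runs as a .js file.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED:
        return ("allow", "extension not on block list")
    ext = "." + parts[-1]
    # Heuristic (assumption): a short alphanumeric token before the real
    # extension looks like a decoy, e.g. "invoice.pdf.js" shown as "invoice.pdf"
    # when the system hides known extensions.
    if len(parts) >= 3 and 1 <= len(parts[-2]) <= 4 and parts[-2].isalnum():
        return ("block", f"double extension .{parts[-2]}{ext}")
    return ("block", f"blocked extension {ext}")

def scan_message(raw):
    """Classify every named MIME part of a raw message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():  # walk() also reaches attachments nested in multiparts
        filename = part.get_filename()
        if filename:
            results.append((filename, *classify(filename)))
    return results

def build_sample():
    """Constructed test message; file names and content are invented."""
    msg = EmailMessage()
    msg["Subject"] = "Sample"
    msg.set_content("See attachment.")
    for name in ("Fatura.pdf.js", "report.pdf", "setup.SCR"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```

The check looks only at the declared file name, so it complements rather than replaces content scanning by a security product.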