Banking Trojan posing as Avast AV
Posted on 06.02.2013
A banking Trojan masquerading as the popular free AV solution from Avast has been spotted on computers of Brazilian users, reports Kaspersky Lab Expert Dmitry Bestuzhev.

The malware is delivered via email, and among other things, it misuses the system tray icon of the aforementioned legitimate software. Users clicking on the icon are faced with pop-up messages claiming that "Your Avast! Antivirus is being updated, wait" or "Avast! antivirus: Attention, your system is protected."

The Trojan is written in Delphi, and is small in size - only 386Kb - but it still manages to do nasty things such as trying to remove legitimate AV software from the infected computer before installing itself. Among the targeted software are solutions by Microsoft, Kaspersky, Panda, McAfee, Symantec, Avast, and others.

Bestuzhev speculates that the malware creators decided to disguise it as Avast AV because it's the most popular one in Brazil, and because people in Latin America still donít want to pay when there is something to be had for free.

He also warns that Brazilian banking Trojans often come with fake descriptions, trying to pose as modules of different AV products:

Add to this the fact that some Brazilian banking malware is signed with valid digital certificates, and it's easy to see why cyber theft is rampant in Latin America.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th