Banking Trojan posing as Avast AV
Posted on 06.02.2013
Bookmark and Share
A banking Trojan masquerading as the popular free AV solution from Avast has been spotted on computers of Brazilian users, reports Kaspersky Lab Expert Dmitry Bestuzhev.

The malware is delivered via email, and among other things, it misuses the system tray icon of the aforementioned legitimate software. Users clicking on the icon are faced with pop-up messages claiming that "Your Avast! Antivirus is being updated, wait" or "Avast! antivirus: Attention, your system is protected."

The Trojan is written in Delphi, and is small in size - only 386Kb - but it still manages to do nasty things such as trying to remove legitimate AV software from the infected computer before installing itself. Among the targeted software are solutions by Microsoft, Kaspersky, Panda, McAfee, Symantec, Avast, and others.

Bestuzhev speculates that the malware creators decided to disguise it as Avast AV because it's the most popular one in Brazil, and because people in Latin America still don’t want to pay when there is something to be had for free.

He also warns that Brazilian banking Trojans often come with fake descriptions, trying to pose as modules of different AV products:


Add to this the fact that some Brazilian banking malware is signed with valid digital certificates, and it's easy to see why cyber theft is rampant in Latin America.









Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //