contador web Saltar al contenido

McDonald's fake coupon used to record PC screen and steal data | Security

A new scam uses fake McDonald's coupons and infects computers with the Mispadu Trojan horse designed to steal passwords and bank details. According to the security company ESET, 100,000 Brazilians have already clicked on the fraudulent link until last Friday (22). The trojan is mainly distributed in Facebook ads. In the experts' assessment, there have been at least two offensives, one ending in the second half of September and one starting in October. The attack targets mainly users from Latin America, with Brazil and Mexico at the top of the hardest hit.

READ: Tinder: 'Loving Message' Scam Steals Money

Scam promises discount coupons at McDonald's Photo: Divulgao / EsetScam promises discount coupons at McDonald's Photo: Divulgao / Eset

Scam promises discount coupons at McDonald's Photo: Divulgao / Eset

Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo

By clicking on the ad link, the user is directed to a compromised site to download a ZIP file to the computer and install an executable in MSI format compatible with Windows. The supposed discount coupon, once downloaded and executed, will play off supposedly legitimate applications and begin to monitor the computer for e-mail passwords and logins stored in browsers. It records the screen and saves the keystrokes.

In another embodiment, Mispadu can infect the PC in the form of a Google Chrome extension. Under the guise of protecting the browser, the program lurks to steal bank data and credit cards when shopping online. According to ESET, malware can even replace legitimate billet bar codes to deposit the money into the criminal's account.

Trojan hacks into computers to steal bank data Photo: Pond5Trojan hacks into computers to steal bank data Photo: Pond5

Trojan hacks into computers to steal bank data Photo: Pond5

According to experts at the security firm, the hacker group was also planning a new scam using a fake version of the Brazilian AreaVIP website. The attack would use a fraudulent Flash Player update as a pretext. The Adobe plugin, it is worth remembering, is gradually being discontinued and will have updates only until next year.

ESET warns that malicious link propagation is generally made between the victim's own contacts. Therefore, it is important to be wary of discount coupons that arrive by messaging and social networks, even if they have been sent by acquaintances.

Instead of clicking on a tempting offer, check the company's official channels for the promotion. An alternative is also to launch handheld from recognized coupon aggregators such as Coupon, CupoNation, Couponeria, Promobit, Meliuz and TechTudo Coupons. Antivirus software installed on your computer and phone is also important, as they can block fraudulent links even after the click.

How to Remove Virus on an Android Phone

How to Remove Virus on an Android Phone