New malware aimed at stealing passwords and bank data has claimed about 27,000 victims since the beginning of the year. The threat was discovered by Avast and disclosed on Wednesday (8). Known as Guildma, the malicious agent mainly targets users and services in Brazil and has already attacked 130 banks and 75 other online services around the world, such as Netflix, Facebook, Amazon and Gmail.
Initially, Guildma targeted only computers configured in Portuguese. In May, however, the malware expanded to regions that speak other languages. To date, Avast has counted more than 155,000 attacks. Among the "symptoms" that a PC has been infected are slowdowns and windows closing unexpectedly.
98% of Guildma's targets are in Brazil. Photo: Disclosure / Avast
"Guildma is a highly modular and complex malware, supporting a wide range of functionality. It is also developing very rapidly, attacking not only Brazilian banks, but also websites from other Latin American countries," explains Adolf Streda, malware researcher at Avast.
According to the cybersecurity company, the banking trojan spreads through targeted phishing emails containing invoices, survey invitations and other types of fake messages. The messages are personalized and address the victims by name.
When the user opens the infected file attached to the email, Guildma runs and starts scanning the computer for files related to banking applications, and even for browsers with open internet banking sessions. If it does not detect these initial targets, the malware goes after certain desktop email clients and services such as Netflix, Amazon and Facebook that are open in browser windows.
Phishing emails are used by Guildma to lure Brazilians and steal bank details. Photo: Disclosure / Avast
On finding a service from the list, the malicious agent is capable of taking various actions, such as stealing access credentials and contacts, taking screenshots, intercepting mouse and keyboard input, remotely controlling the computer and manipulating files. In addition, Guildma can download additional files and run them.
Devices infected with the malware may have a poor internet connection because of the many screenshots that are taken and sent over the network. Another sign is delayed computer responses. Guildma can also disconnect users or close browser windows to force them to log in to their accounts again, so that it can steal the credentials.
To protect yourself from Guildma or any other malware, it is important to avoid opening attachments or links included in store or bank emails and to check that the source address matches the sender. It is also worth remembering that public bodies such as the Electoral Justice do not usually send individual electronic messages. In these cases, be suspicious: the email probably hides some kind of threat.