Scam simulates Internet Banking to steal victims' bank data | Security

A malware campaign in Brazil simulates pages of Brazilian banks and financial institutions to mislead victims and intercept their bank details. Detected by Tempest security specialists on Wednesday (27), the criminal action is related to the infrastructure used in an attack that, in December 2018, killed 120,000 more victims. According to the researchers, the new malware uses adulterated Windows update services to infect computers. The coup has already hit at least 28,000 victims from nine different institutions.

READ: Millions of Internet passwords leak and go for sale; understand case

Banking Malware Distributed Through Phishing Attack And May Cause Financial Loss To Victims Photo: Pond5Banking Malware Distributed Through Phishing Attack And May Cause Financial Loss To Victims Photo: Pond5

Banking Malware Distributed Through Phishing Attack And May Cause Financial Loss To Victims Photo: Pond5

Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc

The attack occurs on infected computers every time the user accesses the bank page. The malware displays a fake screen that recommends installing a new security module to access the financial institution's online functionality. This same page requires the user's bank details, which are intercepted by criminals to apply in financial scams.

Tempest explains that the malware infection and distribution process is based on phishing, a scheme in which the criminal sends alarming fake emails about past due bills that must be paid via a link. When accessing the fraudulent address, the user's computer is infected by the banking malware that presents the fake screen and steals data.

Phishing occurs through suspicious URLs in unknown emails Photo: Reproduction / Melissa CruzPhishing occurs through suspicious URLs in unknown emails Photo: Reproduction / Melissa Cruz

Phishing occurs through suspicious URLs in unknown emails Photo: Reproduction / Melissa Cruz

Fake e-mail makes the computer vulnerable to a host of malicious files that, fragmented, may go unnoticed by the machine's antivirus. At the end of the process, malware starts downloading and installing WinGUp: an application update software used by various developers.

However, according to Tempest, the version used by criminals is tampered with to allow the criminal to gain access to the victim's computer when she uses Internet Banking services. At this point, the attack controller replaces the bank's genuine page with the fake screen, prompting the user to disclose his personal and bank details.

Scam targets Internet Banking to make victims and steal bank details Foto: Rodrigo Fernandes / dnetcScam targets Internet Banking to make victims and steal bank details Foto: Rodrigo Fernandes / dnetc

Scam targets Internet Banking to make victims and steal bank details Foto: Rodrigo Fernandes / dnetc

Not to fall for scams like this, the best tip is always to be suspicious of email charges: before you click on any link, make sure you really know the creditor and if the debt really exists. It is also interesting to confirm directly with the sender the existence of the debit, e-mail and the ticket in question.

Also note attached files: Never download email documents with extensions .ZIP, .RAR, .EXE or .BAT. If you suspect anything when trying to access your bank page, contact your financial institution's helpdesk to clarify if any warnings on your screen are real.

Apple phishing email? Find out on the dnetc Forum.

What ransomware: five tips to protect yourself

What ransomware: five tips to protect yourself