‘Spy Banker’ Attacks Facebook, Google Cloud Users

A Trojan threat that has existed since 2009 has recently resurfaced, attacking users of Facebook and Google Cloud services and using social engineering to encourage them to install the Spy Banker script.

According to Zscaler, which has been monitoring the Trojan in the wild, the attackers are offering users coupons and free downloads of popular software to entice them to run the offending script on their devices. They went on to list some of the dangerous files that users have downloaded and executed on their machines.

SecurityWeek reported that Google has responded to the attack by removing the offending PHP files from its cloud platform. Users were reportedly being lured there from sites hosted on GoDaddy, which have also been taken down.

The attack was made possible by concealing the links to the malware behind ‘shortened’ URLs created with the popular bit.ly service. Before the link was removed, over 100,000 users are reported to have clicked it.

While the majority of the users impacted were in Brazil, users were also caught out in the US, other parts of South America and Europe.

With more and more of our private data hosted on our PCs and online, it’s more important than ever to avoid running software that does not come from a trusted source. Social media links and e-mails, even if they appear to come from a ‘friend’ or trusted source, should still be treated with suspicion if they are received without being requested.

Author: Garrett Graff

Garrett is a qualified engineer, and when he’s not helping businesses grow as a consultant at Palladous, you can find him building hobby race cars, managing the family farming business or chilling out on the lake fishing.
