A Trojan threat that has existed since 2009 has recently resurfaced, attacking users of Facebook and Google Cloud services and using social engineering to encourage them to install the Spy Banker script.
According to Zscaler, which has been monitoring the Trojan in the wild, the attackers are offering users coupons and free downloads of popular software to entice them to run the offending script on their devices. Zscaler went on to list some of the dangerous files that users have downloaded and executed on their machines.
Security Week reported that Google has responded to the attack by removing the offending PHP files from its cloud platform. Users were reportedly being lured there from sites hosted on GoDaddy, which have also been taken down.
The attack was made possible by concealing the links to the malware behind ‘shortened’ URLs created with the popular bit.ly service. Before the link was removed, over 100,000 users are reported to have clicked it.
While the majority of the users impacted were in Brazil, users were also caught out in the US, other parts of South America and Europe.
With more and more of our private data hosted on our PCs and online, it’s more important than ever to avoid running software that does not come from a trusted source. Social media links and e-mails, even if they appear to come from a ‘friend’ or trusted source, should still be treated with suspicion if they are received without being requested.