Malware Tries Out Open Sesame Tactics

“Choose a strong password! Not one for all, but one for EACH account that you have!”. This is one of the oldest pieces of advice in the book of Internet wisdom (and, probably, by now, what your ma tells you once she’s made sure you DO eat an apple a day).

But cybercriminals have their own version of this nice book and, when it comes to password safety, it says: “Beat honest and least-effort-seeking users to it and go make a strong password generator”.

This story is a classic: users receive an unsolicited e-mail announcing the creation of this marvel of science that will help them keep all online accounts safe from any harm.

A direct link is provided, and recipients are advised to follow it to download the promised software. Once they click the link, they are redirected to a site hosting a fake application which infects their systems with malware.

Identified by Bitdefender as a variant of Kazy Trojan, the application is a Downloader protected with Enigma Protector, that apparently downloads a .gif file (in fact, the .gif is an executable). The downloaded executable is saved as “iexplorer.exe” and started immediately.

The downloaded file is a banker protected with Enigma Protecter as well. It saves itself as an anti-virus file (i.e: avg.exe, nod32.exe, etc).

It drops online banking lookalikes designed to dupe the customers of various banks – Banco do Brasil, Internet Banking Caixa, Bradesco Internet Banking, Itau – and to steal the corresponding login credentials. At the same time, it starts deleting different files that are part of various AVs and anti-fraud solutions.

In order to stay safe, Bitdefender recommends you never open files without checking them for malware, and that you install and update a complete internet security solution.