Published On: Tuesday, 28 May 2013
Posted by Unknown
Experts Spot Banking Malware on Two Brazilian Government Websites
A total of 11 unique malware files, many of which were disguised as updates for Adobe products, have been spotted by Trend Micro experts on two Brazilian government websites. The sites have been serving the malicious files since April 24.
The attack mostly affects users from Brazil, but some internet users from the US, Angola, Spain, Romania, and other countries have also downloaded the malware, which helps criminals obtain the sensitive information they need to access victims’ bank accounts.
Once it infects a system, the Trojan (TROJ_BANDROP.ZIP) creates an administrator account on the operating system and enables multiple concurrent remote desktop sessions.
The newly created account, called ADM123, allows the attacker to remotely connect to the infected computer and take complete control over it.
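The account-creation behaviour described above can be hunted for in Windows Security logs. The following is an added example, not code from Trend Micro or the original post: it correlates event 4720 (user account created) with event 4732 (member added to a local group) for the built-in Administrators group and flags the reported account name. The dict layout of the exported events, the host names, SIDs and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"  # well-known SID of built-in Administrators (locale-independent)
WATCHLIST = {"adm123"}       # account name reported in the article, lower-cased

# Constructed sample records, shaped like Security events exported to dicts (assumed layout).
EVENTS = [
    {"id": 4720, "time": "2013-05-20T10:00:05", "host": "PC-01",
     "TargetUserName": "ADM123", "TargetSid": "S-1-5-21-1-2-3-1005"},
    {"id": 4732, "time": "2013-05-20T10:00:07", "host": "PC-01",
     "MemberSid": "S-1-5-21-1-2-3-1005", "TargetSid": ADMINS_SID},
    # Created but never made administrator: not reported.
    {"id": 4720, "time": "2013-05-20T11:30:00", "host": "PC-02",
     "TargetUserName": "jsilva", "TargetSid": "S-1-5-21-4-5-6-1010"},
    # Existing account added to Administrators, no creation seen: not reported.
    {"id": 4732, "time": "2013-05-20T11:30:02", "host": "PC-03",
     "MemberSid": "S-1-5-21-7-8-9-500", "TargetSid": ADMINS_SID},
    # Same create-then-elevate pattern under a different name: reported, no IoC match.
    {"id": 4720, "time": "2013-05-20T12:00:00", "host": "PC-04",
     "TargetUserName": "suporte", "TargetSid": "S-1-5-21-9-9-9-1003"},
    {"id": 4732, "time": "2013-05-20T12:00:30", "host": "PC-04",
     "MemberSid": "S-1-5-21-9-9-9-1003", "TargetSid": ADMINS_SID},
]

def find_new_admin_accounts(events, window=timedelta(minutes=10)):
    """Return accounts created (4720) and then added to Administrators (4732)
    on the same host within `window`, marking names that are on the watchlist."""
    created = {}   # (host, account SID) -> (account name, creation time)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[(ev["host"], ev["TargetSid"])] = (ev["TargetUserName"], when)
        elif ev["id"] == 4732 and ev["TargetSid"] == ADMINS_SID:
            # 4732 often carries only the member SID, so correlate on SID, not name.
            hit = created.get((ev["host"], ev["MemberSid"]))
            if hit and when - hit[1] <= window:
                findings.append({"host": ev["host"], "account": hit[0],
                                 "ioc_match": hit[0].lower() in WATCHLIST})
    return findings

if __name__ == "__main__":
    for finding in find_new_admin_accounts(EVENTS):
        print(finding)
```

Matching on the create-then-elevate sequence rather than only on the name keeps the check useful if a variant uses a different account name.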
“Compromising and using government sites to deliver malware is not an unusual practice,” Trend Micro Threats Analyst Roddell Santos noted.
“This tactic provides a certain social engineering leverage, as government-related sites are usually deemed safe and secure. But as this incident clearly shows, there is no sacred cow when it comes to cybercrime. Everyone is fair game.”

