CAIXA is the Federal Bank in Brasil which not only services private banks but millions of Brasilians through the national lottery, social services, unemployment benefits, and other services.
Recently, cybercriminals sent out the following email scam to tempt users in to installing malware on their systems:
The text says essentially that they’re doing upgrade on their servers and users need to install the update at the link to maintain their Internet Access.
While the URL looks like it’s point to a government site in Brasil, it is actually pointing to a server in France and leads to a malicious software program name “sistema.exe” (MD5=2ce0b316d8ada0c52a6a154ba7a1b3ff). Currently 16 of 38 AntiVirus vendor’s detect this program according to Virus Total.
This attack uses tactics not commonly seen. The malware does not intercept or alter communication with a legitimate web site, nor does it redirect the user to a phishing site. Instead it prompts the user through a series of screens directly:
There are several more screens prompting users for account information, personal information, passwords and PINs. Upon submitting the information, the malware application the sends the stolen information out to a couple of email addresses.