The PhishLabs Blog

CAIXA Brasil malware attack

Posted by John LaCour on Jan 5, '09

CAIXA is the federal bank in Brasil, which serves not only private banks but also millions of Brasilians through the national lottery, social services, unemployment benefits, and other services.

Recently, cybercriminals sent out the following email scam to tempt users into installing malware on their systems:

[Image: caixa-br-phish]

The text says essentially that they’re doing an upgrade on their servers and users need to install the update at the link to maintain their Internet access.

While the URL looks like it points to a government site in Brasil, it actually points to a server in France and leads to a malicious software program named “sistema.exe” (MD5=2ce0b316d8ada0c52a6a154ba7a1b3ff). Currently 16 of 38 antivirus vendors detect this program according to VirusTotal.

This attack uses tactics not commonly seen. The malware does not intercept or alter communication with a legitimate web site, nor does it redirect the user to a phishing site. Instead it prompts the user through a series of screens directly:

[Image: caixa-br-screen1]

[Image: caixa-br-screen2]

There are several more screens prompting users for account information, personal information, passwords and PINs. Upon submitting the information, the malware application then sends the stolen information out to a couple of email addresses.

Topics: Malware, Fraud, Threat Analysis, Lure
