Infostealer.Bancos.BF
First posted on 06 November 2015.
Source: Symantec
Aliases :
There are no other names known for Infostealer.Bancos.BF.
Explanation :
The Trojan may arrive on the computer through other malware.
When the Trojan is executed, it creates the following file:
%UserProfile%\Local Settings\Application Data\Android.exe
Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[THREAT FILE NAME].exe" = "%CurrentFolder%\[THREAT FILE NAME].exe"
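A host check for the file and Run entry described above, as an added example that is not part of the Symantec write-up. The variable names and the Run-value matching heuristic are assumptions of this example; it needs PowerShell 4 or later for Get-FileHash and only inspects the account it runs under.

```powershell
# Added example (not Symantec's code): check the current user's profile for the
# dropped file and for a Run value shaped like the one in the write-up.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# "%UserProfile%\Local Settings\Application Data" is the Windows XP location.
# On Vista and later it is a junction into AppData\Local, so check both spellings.
$candidates = @(Join-Path $env:USERPROFILE 'Local Settings\Application Data\Android.exe')
if ($env:LOCALAPPDATA) {
    $candidates += Join-Path $env:LOCALAPPDATA 'Android.exe'
}

$findings = @()

foreach ($path in ($candidates | Select-Object -Unique)) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Name = $path; Detail = "SHA256 $hash" }
    }
}

# Heuristic (an assumption of this example): the write-up shows a Run value whose
# NAME is an executable file name and whose DATA points at a file of that same
# name. Flag that shape, plus any value that launches a file called Android.exe.
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data   = [string]$key.GetValue($name)
        $target = $data.Trim().Trim('"')
        $selfNamed = $name -like '*.exe' -and
                     $target.EndsWith("\$name", [System.StringComparison]::OrdinalIgnoreCase)
        $dropped   = $target -like '*\Android.exe'
        if ($selfNamed -or $dropped) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Name = $name; Detail = $data }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No matching file or Run value found for this user.'
} else {
    $findings | Format-List
}
```

A hit is a lead for triage, not a verdict: legitimate software can use a file named Android.exe or a self-named Run value.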
The Trojan injects fake login pages over the following banking websites:
Bradesco
Santander
Sicredi
Sicoob
Banco Itau
Banco do Brasil
The fake login pages resemble the targeted banks' branding.
The Trojan then steals user names and passwords that were entered into these web forms and sends the data to the following remote location:
[http://]casadocaralho2016.com/vitoria/note[REMOVED]
Last update 06 November 2015