Infostealer.Bancos.BD
First posted on 30 November 2014.
Source: Symantec
Aliases:
There are no other names known for Infostealer.Bancos.BD.
Explanation:
This Trojan may arrive as a password-protected archive downloaded by other malware.
When the Trojan is executed, it creates the following files:
borlndmm.dll
gbsitedll.dll
Runner.exe
The Trojan downloads a configuration file from the following remote location:
[http://]bandaluxuria.net/blog/upa[REMOVED]
Note: The configuration file contains the URL where the Trojan will upload stolen data.
The Trojan monitors the browser for the following strings:
www.bancodobrasil.com.br
www.caixa.com.br
[bb.com.br]
Caixa Econômica Federal
Banco Bradesco
Banco Itaú - Feito Para Você
Itaú Personnalité - Windows Internet Explorer
Uniclass - Itaú
Uniclass - Windows Internet Explorer
Santander
Sicredi
The Trojan then steals user account information by using phishing to trick the user into entering it into fake login forms.
Last update 30 November 2014