Home / malware TrojanSpy:Win32/Bancos.AKS
First posted on 12 February 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Bancos.AKS.
Explanation :
Threat behavior TrojanSpy:Win32/Bancos.AKS is a member of Win32/Bancos - a family of data-stealing trojans that captures online banking credentials, such as account login names and passwords, and relays the captured information to a remote attacker. Most Win32/Bancos variants target customers of Brazilian banks, though some variants target customers of banks in other locations.
Installation
TrojanSpy:Win32/Bancos.AKS creates the following files on your PC:
- c:\documents and settings\administrator\application data\v127txt
Payload
Contacts remote host
TrojanSpy:Win32/Bancos.AKS might contact a remote host at bit.ly using port 80. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 8c65785d0dd76a2ba5ef5778d31b4e393dc216d3.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\v127txtLast update 12 February 2014
