Banking Trojan posing as Avast AV

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
A free AV product protecting a Windows XP machine, right?

No, actually it’s malware – a Brazilian Trojan banker coming via email and then using a masquerade to stay in the system. The malware is 386Kb only, written in Delphi, and comes via an email together with a bunch of other malicious and non-malicious files.

...

Before dropping the mentioned fake Avast product, another module, based on the anti-rootkit product Avenger, tries to remove the following legitimate AV products from the system if they are installed: AVG, McAfee, Panda, Nod32, Kaspersky, Bitdefender, Norton, Microsoft Security Essentials, PSafe, Avira and Avast.

Source: Link
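The two behaviours described in the quoted write-up (a binary masquerading as Avast, and an Avenger-based module deleting other AV products) can be turned into a simple detection sketch. This is an added example, not code from the article or from MalwareTips; the event records, the signer string and the install-directory keywords are constructed assumptions standing in for what an EDR or Sysmon pipeline would report.

```python
import os
from collections import defaultdict

# Keywords expected in the install paths of the AV products the write-up lists
# (assumed; adjust to the real directory names in your environment).
AV_DIR_KEYWORDS = ("avg", "mcafee", "panda", "eset", "kaspersky", "bitdefender",
                   "norton", "microsoft security client", "psafe", "avira", "avast")
AVAST_SIGNER = "AVAST Software"  # assumed Authenticode signer string reported by the EDR

def vendor_of(path):
    """Map a file path to the AV vendor whose install tree it appears to be in."""
    low = path.lower().replace("\\", "/")
    for kw in AV_DIR_KEYWORDS:
        if kw in low:
            return kw
    return None

def detect(events):
    """Return (rule, image) alerts for fake-Avast binaries and cross-vendor AV removal."""
    alerts = []
    removals = defaultdict(set)  # actor image -> AV vendors whose files/processes it removed
    for ev in events:
        if ev["type"] == "process_create":
            name = (ev.get("product", "") + os.path.basename(ev["image"])).lower()
            # Rule 1: claims to be Avast (product name or file name) but is not signed by the vendor.
            if "avast" in name and ev.get("signer") != AVAST_SIGNER:
                alerts.append(("fake_avast", ev["image"]))
        elif ev["type"] in ("file_delete", "process_terminate"):
            # Rule 2: one actor removing components of two or more AV products it does not belong to,
            # the Avenger-style clean-out described in the write-up.
            victim = vendor_of(ev["target"])
            if victim and vendor_of(ev["actor"]) != victim:
                removals[ev["actor"]].add(victim)
                if len(removals[ev["actor"]]) == 2:
                    alerts.append(("av_removal", ev["actor"]))
    return alerts

# Constructed sample telemetry: a legitimate Avast process, an unsigned dropper, two removals, a fake Avast.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": "C:/Program Files/AVAST Software/Avast/AvastUI.exe",
     "product": "Avast Antivirus", "signer": AVAST_SIGNER},
    {"type": "process_create", "image": "C:/Users/u/AppData/Local/Temp/avenger.exe", "product": "", "signer": None},
    {"type": "file_delete", "actor": "C:/Users/u/AppData/Local/Temp/avenger.exe", "target": "C:/Program Files/AVG/avgnt.exe"},
    {"type": "process_terminate", "actor": "C:/Users/u/AppData/Local/Temp/avenger.exe", "target": "C:/Program Files/Kaspersky Lab/avp.exe"},
    {"type": "process_create", "image": "C:/Users/u/AppData/Roaming/avast.exe", "product": "Avast Antivirus", "signer": None},
]

if __name__ == "__main__":
    for rule, image in detect(SAMPLE_EVENTS):
        print(rule, image)
```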
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Interesting approach, this is why modern security products need to have a file reputation system and sandbox as default features... Cyber criminals will always find a smart way of exploiting a system (like using an Avenger feature to disable an antivirus), however if the file is seen for the first time, it should be automatically sandboxed, and submitted for review to the developers.
 

Tom172

Level 1
Feb 11, 2011
1,009
It's so very important to download software only from the manufacturer's website. Although with the recent news about ComboFix being infected with a Sality variant, this isn't always going to mean 100% clean downloads.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
Geez, they're getting better at hiding what they want to get across. As Jack said everything should be sandboxed no matter where you download it from.
 

Fiery

Level 1
Jan 11, 2011
2,007
Before dropping the mentioned fake Avast product, another module, based on the anti-rootkit product Avenger, tries to remove the following legitimate AV products from the system if they are installed: AVG, McAfee, Panda, Nod32, Kaspersky, Bitdefender, Norton, Microsoft Security Essentials, PSafe, Avira and Avast.


Talk about a brute-force entry. The Avenger is FileAssassin's predecessor for XP and Vista. It was one of the most powerful kernel-level tools, used if no other tool could remove certain malicious registry entries and files.
 