Fiendish Amavaldo banking trojan strikes in Mexico after targeting Brazilians

silversurfer

Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively.

Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American banking trojans. The trojan, whose name means “Lovable,” is anything but.

“After detecting a bank-related window, it takes a screenshot of the desktop and makes it look like the new wallpaper,” explains the ESET research team, in a company blog post today. “Then it displays a fake pop-up window chosen based on the active window’s text while disabling multiple hotkeys and preventing the victim to interact with anything else but the popup window.”

In January 2019, the actors behind Amavaldo were observed specifically targeting Brazilian banks and their users, but then in April they expanded their activities to Mexico and now appear solely focused on the latter country.

In addition to its banking trojan functionality, the Delphi-based, modular malware also supports backdoor commands, including taking screenshots, using the webcam to capture photos, keylogging, downloading additional programs, restricting access to legitimate banking websites and mouse and keyboard simulation. Additionally, the malware collects information on infected victims, including the make of computer and its OS identification, and banking protections installed by the victim.
 
