Sneaky phishing scam in Brazil may hit U.S. shores

Share this article:
A clever phishing email is circulating Brazil and will more than likely hit the U.S.
A clever phishing email is circulating Brazil and will more than likely hit the U.S.

A clever phishing email is circulating Brazil, but one researcher suggests this crafty scam will more than likely cross shores to the United States before long.

The Portuguese-language email contains an attachment named, ‘Comprovante_Internet_Banking.rtf,' which translates to, ‘Receipt from Internet Banking,' according to a post by Fabio Assolini, a senior security researcher with Kaspersky Lab.

Those who open the file are presented with a document that is able to be opened in Microsoft Word and contains a tiny image of a receipt along with a message instructing recipients to click the image twice to see it in a larger size.

Double-clicking the image will bring up a message asking users if they want to open a .CPL file – and accepting it will execute malware that seeks out credentials for banking and payments.

“The .CPL file embedded into the .RTF file is a well-known Brazilian Trojan banker, written in Delphi, belonging to the family Trojan.Win32.ChePro,” according to Assolini. “After executed, it drops several files through the system to keep the infection running.”

Assolini adds, “Embedding malicious files into .RTF or .DOC files allows cyber criminals to bypass email filtering by extensions or type; also, it allows them to break the AV detection by signatures.”

Dmitry Bestuzhev, head of the Global Research and Analysis Team with Kaspersky Lab, Latin America, told on Wednesday that he is positive the phishing scam will make its way over to the United States.

“We are absolutely sure it will, however, the scope of the attack at the moment will be limited to the Portuguese-speaking residents only,” Bestuzhev said. “Maybe in the future, if Brazilian cyber criminals decide to go behind American banks, they may localize these attacks for the English-speaking people too.”

The .RTF file does not have any exploits with which to be concerned, Bestuzhev said, but he suggested users be careful by not executing anything extra – particularly if it is a .CPL or .EXE file.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 ...

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.