Sneaky phishing scam in Brazil may hit U.S. shores

A clever phishing email is circulating in Brazil and will more than likely hit the U.S.

A clever phishing email is circulating in Brazil, but one researcher suggests this crafty scam will more than likely cross shores to the United States before long.

The Portuguese-language email contains an attachment named ‘Comprovante_Internet_Banking.rtf,’ which translates to ‘Receipt from Internet Banking,’ according to a post by Fabio Assolini, a senior security researcher with Kaspersky Lab.

Those who open the file are presented with a document, which can be opened in Microsoft Word, that contains a tiny image of a receipt along with a message instructing recipients to click the image twice to see it in a larger size.

Double-clicking the image will bring up a message asking users if they want to open a .CPL file – and accepting it will execute malware that seeks out credentials for banking and payments.

“The .CPL file embedded into the .RTF file is a well-known Brazilian Trojan banker, written in Delphi, belonging to the family Trojan.Win32.ChePro,” according to Assolini. “After being executed, it drops several files through the system to keep the infection running.”

Assolini adds, “Embedding malicious files into .RTF or .DOC files allows cyber criminals to bypass email filtering by extensions or type; also, it allows them to break the AV detection by signatures.”

Dmitry Bestuzhev, head of the Global Research and Analysis Team with Kaspersky Lab, Latin America, told SCMagazine.com on Wednesday that he is positive the phishing scam will make its way over to the United States.

“We are absolutely sure it will, however, the scope of the attack at the moment will be limited to the Portuguese-speaking residents only,” Bestuzhev said. “Maybe in the future, if Brazilian cyber criminals decide to go behind American banks, they may localize these attacks for the English-speaking people too.”

The .RTF file does not have any exploits with which to be concerned, Bestuzhev said, but he suggested users be careful by not executing anything extra – particularly if it is a .CPL or .EXE file.
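
Because the attachment carries an .RTF name, a mail filter that looks only at the extension never sees the embedded .CPL; the check has to look inside the document. The following Python is an added example, not code from Kaspersky Lab or the original article: it decodes the `\objdata` groups of an RTF file and reports embedded file names ending in the extensions the article names. The function names, the extension list and the inert sample bytes are assumptions constructed for illustration.

```python
import re

# Extensions the article warns about; extend per local policy (assumption).
RISKY_EXT = (".cpl", ".exe")
# Hex payload of an embedded object: {\*\objdata 0105...}
OBJDATA = re.compile(rb"\\objdata([0-9a-fA-F\s]+)")


def is_rtf(data: bytes) -> bool:
    """Identify RTF by its magic bytes, not by the attachment's file name."""
    return data.lstrip().startswith(b"{\\rt")


def embedded_objects(data: bytes):
    """Yield the decoded bytes of each plain-hex \\objdata group."""
    for m in OBJDATA.finditer(data):
        digits = re.sub(rb"\s+", b"", m.group(1))
        yield bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))


def risky_names(data: bytes) -> list[str]:
    """Return embedded file names whose extension is in RISKY_EXT."""
    hits = set()
    for blob in embedded_objects(data):
        # Packager objects store the label and original path as ASCII strings.
        for run in re.findall(rb"[\x20-\x7e]{5,260}", blob):
            name = re.split(rb"[\\/]", run)[-1].decode("ascii").lower()
            if name.endswith(RISKY_EXT):
                hits.add(name)
    return sorted(hits)


def should_quarantine(data: bytes) -> bool:
    """True when the file is RTF and embeds a risky file name."""
    return is_rtf(data) and bool(risky_names(data))


def sample_rtf() -> bytes:
    """Constructed, inert sample: simplified object header plus name strings."""
    payload = (b"\x01\x05\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00Package\x00"
               b"\x02\x00comprovante.cpl\x00C:\\Temp\\comprovante.cpl\x00")
    digits = payload.hex().encode()
    lines = b"\n".join(digits[i:i + 64] for i in range(0, len(digits), 64))
    return (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Package}"
            b"{\\*\\objdata " + lines + b"}}}")


if __name__ == "__main__":
    print(risky_names(sample_rtf()), should_quarantine(sample_rtf()))
```

This is a heuristic over plain-hex `\objdata` only; a production gateway should use a full RTF and OLE parser and treat any embedded object in an emailed document as worth inspecting.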
