Sneaky phishing scam in Brazil may hit U.S. shores

A clever phishing email is circulating in Brazil and will more than likely hit the U.S.

A clever phishing email is circulating in Brazil, but one researcher suggests this crafty scam will more than likely reach the United States before long.

The Portuguese-language email contains an attachment named "Comprovante_Internet_Banking.rtf," which translates to "Receipt from Internet Banking," according to a post by Fabio Assolini, a senior security researcher with Kaspersky Lab.

Those who open the file are presented with a document that opens in Microsoft Word and contains a tiny image of a receipt, along with a message instructing recipients to double-click the image to see it at a larger size.

Double-clicking the image will bring up a message asking users if they want to open a .CPL file – and accepting it will execute malware that seeks out credentials for banking and payments.

“The .CPL file embedded into the .RTF file is a well-known Brazilian Trojan banker, written in Delphi, belonging to the family Trojan.Win32.ChePro,” according to Assolini. “After executed, it drops several files through the system to keep the infection running.”

Assolini adds, “Embedding malicious files into .RTF or .DOC files allows cyber criminals to bypass email filtering by extensions or type; also, it allows them to break the AV detection by signatures.”

Dmitry Bestuzhev, head of the Global Research and Analysis Team with Kaspersky Lab, Latin America, told SCMagazine.com on Wednesday that he is positive the phishing scam will make its way over to the United States.

“We are absolutely sure it will, however, the scope of the attack at the moment will be limited to the Portuguese-speaking residents only,” Bestuzhev said. “Maybe in the future, if Brazilian cyber criminals decide to go behind American banks, they may localize these attacks for the English-speaking people too.”

The .RTF file itself does not contain any exploits, Bestuzhev said, but he suggested users be careful not to execute anything extra, particularly a .CPL or .EXE file.
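Assolini's point that an executable embedded in an .RTF slips past extension-based mail filtering can be addressed by inspecting the embedded object data rather than the attachment name. The following is an added example, not code from Kaspersky Lab or the original article; it assumes the object uses the OLE 1.0 Packager layout, and the file name `recibo.cpl` and all sample bytes are constructed for illustration.

```python
import re
import struct

# Extensions Windows runs on double-click; the article names .CPL and .EXE.
RISKY_EXT = (b".cpl", b".exe", b".scr", b".pif", b".com")
OBJDATA_RE = re.compile(rb"\\objdata([^{}]*)")         # hex payload of an embedded object
CSTRING_RE = re.compile(rb"[\x20-\x7e]{4,}(?=\x00)")   # NUL-terminated printable strings


def ole1_class(blob: bytes) -> str:
    """Class name from the OLE 1.0 header: version(4) formatID(4) len(4) name."""
    if len(blob) < 12:
        return "?"
    (n,) = struct.unpack_from("<I", blob, 8)
    return blob[12:12 + n].rstrip(b"\x00").decode("ascii", "replace") if 0 < n <= 64 else "?"


def scan_rtf(data: bytes) -> list:
    """Return sorted (object class, embedded file name) pairs with a risky extension."""
    hits = set()
    for m in OBJDATA_RE.finditer(data):
        # Keep only hex digits; heavily obfuscated RTF needs a full parser instead.
        hexstr = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        blob = bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii"))
        for s in CSTRING_RE.findall(blob):
            if s.lower().endswith(RISKY_EXT):
                name = s.decode("ascii").replace("/", "\\").rsplit("\\", 1)[-1]
                hits.add((ole1_class(blob), name))
    return sorted(hits)


def build_sample() -> bytes:
    """Constructed RTF with a Packager object; names and payload bytes are made up."""
    lp = lambda b: struct.pack("<I", len(b)) + b
    native = (b"\x02\x00" + b"recibo.cpl\x00" + b"C:\\fake\\recibo.cpl\x00"
              + b"\x00\x00\x03\x00" + lp(b"C:\\temp\\recibo.cpl\x00") + lp(b"MZ\x90\x00"))
    blob = struct.pack("<II", 0x501, 2) + lp(b"Package\x00") + struct.pack("<II", 0, 0) + lp(native)
    return b"{\\rtf1{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " + blob.hex().encode() + b"}}}"


if __name__ == "__main__":
    for cls, name in scan_rtf(build_sample()):
        print(f"embedded {cls} object carries executable: {name}")
```

A mail gateway or triage script can quarantine any .RTF or .DOC attachment for which `scan_rtf` returns a non-empty list, regardless of the outer file extension.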
