Sneaky phishing scam in Brazil may hit U.S. shores

A clever phishing email is circulating in Brazil and will more than likely hit the U.S.

A clever phishing email is circulating in Brazil, but one researcher suggests this crafty scam will more than likely cross shores to the United States before long.

The Portuguese-language email contains an attachment named ‘Comprovante_Internet_Banking.rtf,’ which translates to ‘Receipt from Internet Banking,’ according to a post by Fabio Assolini, a senior security researcher with Kaspersky Lab.

Those who open the file are presented with a document that can be opened in Microsoft Word and contains a tiny image of a receipt, along with a message instructing recipients to click the image twice to see it in a larger size.

Double-clicking the image will bring up a message asking users if they want to open a .CPL file – and accepting it will execute malware that seeks out credentials for banking and payments.

“The .CPL file embedded into the .RTF file is a well-known Brazilian Trojan banker, written in Delphi, belonging to the family Trojan.Win32.ChePro,” according to Assolini. “After executed, it drops several files through the system to keep the infection running.”

Assolini adds, “Embedding malicious files into .RTF or .DOC files allows cyber criminals to bypass email filtering by extensions or type; also, it allows them to break the AV detection by signatures.”

Dmitry Bestuzhev, head of the Global Research and Analysis Team with Kaspersky Lab, Latin America, told SCMagazine.com on Wednesday that he is positive the phishing scam will make its way over to the United States.

“We are absolutely sure it will, however, the scope of the attack at the moment will be limited to the Portuguese-speaking residents only,” Bestuzhev said. “Maybe in the future, if Brazilian cyber criminals decide to go behind American banks, they may localize these attacks for the English-speaking people too.”

The .RTF file does not have any exploits with which to be concerned, Bestuzhev said, but he suggested users be careful by not executing anything extra – particularly if it is a .CPL or .EXE file.
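Because the attachment's own extension is a harmless-looking .RTF, a mail filter has to inspect what the document embeds rather than what it is called. The Python check below is an added example, not code from the article or from Kaspersky Lab: it hex-decodes each embedded object (`\objdata`) in an RTF attachment and reports packaged file names ending in .CPL or .EXE. The function names, the extension list and the sample document are constructed assumptions, and the string matching is a heuristic that does not handle obfuscated RTF.

```python
import re

# Extensions the article singles out; extend to match local policy (assumption).
RISKY_EXT = (".cpl", ".exe")
# Hex payload that follows the RTF \objdata control word of an embedded object.
OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# Runs of printable ASCII, where packaged file names and paths show up.
STRINGS = re.compile(rb"[\x20-\x7e]{4,}")


def embedded_risky_names(attachment: bytes) -> list[str]:
    """Return embedded file names ending in a risky extension.

    Judges the attachment by content (RTF magic, decoded objects),
    not by the extension in its file name.
    """
    if not attachment.lstrip().startswith(b"{\\rtf"):
        return []
    hits = []
    for match in OBJDATA.finditer(attachment):
        digits = re.sub(rb"\s+", b"", match.group(1))
        digits = digits[: len(digits) // 2 * 2]  # drop a dangling nibble
        payload = bytes.fromhex(digits.decode("ascii"))
        for run in STRINGS.findall(payload):
            name = run.decode("ascii")
            if name.lower().endswith(RISKY_EXT):
                hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed, harmless sample: name strings plus filler, no real code."""
    payload = (b"\x02\x00sample.cpl\x00C:\\Temp\\sample.cpl\x00"
               b"\x00\x00\x03\x00\x10\x00\x00\x00constructed-filler")
    return (b"{\\rtf1\\ansi Click the image twice.{\\object\\objemb"
            b"{\\*\\objclass Package}{\\*\\objdata "
            + payload.hex().encode("ascii") + b"}}}")


if __name__ == "__main__":
    print(embedded_risky_names(build_sample()))
```
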
