Malware, Threat Management

Researchers spot Nemucod in Brazil spreading banking trojans

ESET researchers spotted the Nemucod downloader used to spread banking trojans and other malware in Brazil.

On August 12, ESET researchers spotted an outbreak of a new Spy.Banker variant that is similar to previous ones used by other banking trojans in South America and that, during execution, check if the victim's system settings are in Portuguese before injecting the banker's payload, according to an Aug. 17 blog post.

The trojan is spread along with two modified versions of an unnamed popular utility software, which are used to extract usernames and passwords from popular browsers as well as credentials for local email clients, the blog said.

In order to prevent infection, researchers recommend users identify and block emails with with .EXE, *.BAT, *.CMD, *.SCR, and *.JS attachments.

Related

Rootkit capabilities likely with Windows bugs

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.