Remtasu, a Windows-based trojan whose global reach has accelerated over the last year, has switched tactics, disguising itself as a malicious application for accessing people’s Facebook account credentials. Basically, the malware is now targeting users who themselves are up to no good, according to a Monday “We Live Security” blog post by IT security company ESET.
The dangerous Win32/Remtasu.Y malware automatically downloads onto machines after victims visit a drive-by download website, then it duplicates and hides itself among other files.
Virus activity is most prevalent in Colombia, but has also been detected in Turkey, Thailand and elsewhere. In previous iterations, the malware was downloaded when victims opened malicious files attached to phishing emails purporting to be from legitimate businesses or government agencies.
Certain variants allow hackers to pull up information stored on a device’s clipboard as well as capture keystrokes.