Brazilian phishing scam urges finance workers to update banking module

Brazilian scammers are calling victims and urging them to install a supposed update of a bank's security module in a series of phishing attacks.

The supposed update is actually a malicious Google Chrome extension capable of capturing banking credentials. The malware used in the scheme flies under the radar of malware detection by going after only a few select targets and avoiding binary code patterns, Morphus Labs researcher Renato Marinho said in an Aug. 15 blog post.

Marinho said the attackers carefully research their targets via social networks to identify those who deal with the company's finances. The threat actors then contact these workers, posing as bank employees, and instruct them to install the "latest bank module."

“Once the victim has followed the guidelines and installed the fake module, the fraudster guides the victim to a test access to the company's bank account,” Marinho said. “It is at this moment that the information is stolen.”

At the time Marinho wrote the post, the JavaScript malware files had a detection rate of 0 on the VirusTotal threat detection service.
