BANLOAD Trojan tweaked to target Banking customers

securitymalware

Malwares are taking different forms for execution and security measures can fail to prevent the attack. BANLOAD is a malware that targets online banking customers of Banco do Brasil. According to TrendMicro the malware is bypassing all security measures and especially GbPlugin a special program that is added and helps to prevent malicious code from running during a banking session.

G-buster Plug-in provides a virtualized and hardened operating environment for safer online banking but BANLOAD starts by verifying if this plug-in exist on the system and if the program is found this indicate that the computer is used for conducting financial transaction while if there is no such plug-in the malware will delete itself and remove any trace on victim machine.

GbPlugin itself will not protect users from BANLOAD Trojan as the malware is advanced and deletes anti-fraud software like G-buster Plug-in (GbPlugin). The best way for protecting your system is by installing all security patches that will fix vulnerabilities on your system, Use security software with up to date signature definition and make sure that the security software scans your web navigation to stop any threat at an early stage.

TrendMicro detects the malware as TROJ_BANLOAD.GB and TSPY_BANKER.GB.

Share