Spy Banker Trojan Links Distributed Through Social Networks

Security researchers with Zscaler ThreatLabZ reported a new malicious campaign targeting users in Brazil. On this malicious attack cybercriminal are using a new version of Spy Banker Downloader Trojan that is distributed over social networks specifically Facebook and Twitter.
The attack is starts by sharing a malicious link on social network for fake Avast antivirus software or WhatsApp messenger. Following the link will infect the visitor as user is redirected to Google Cloud server that is spreading Spy Banker. Checking bit.ly states the link were opened 103 thousand time which makes number of infected users is high.


Link Sharing Geographic Location Sourced Zscaler ThreatLabZ

The new version has many improved features to protect itself against antimalware’s. The Trojan will scan the system searching for any security software installed. It will also find out the default browser, operating system version and send all information to the C&C servers.

This malicious campaign is a compilation of cyber-attacks between phishing attack on social media, infecting users with malicious Trojan and turning victim’s computer as part of a large botnet for further attack. the infected computer can be used for many purposes including garbing financial information.

To protect yourself make sure to keep all your application and operating system updated, be very careful with social media links because this is one of the used ways to promote malicious links.