Two ongoing malware distribution campaigns are sending banking Trojans to customers of Brazilian financial institutions, report Cisco Talos researchers, who also identified a spam botnet delivering malicious emails as part of the infection process.
Two separate infection processes were used in these campaigns between late October and early November, they say. The campaigns use different file types for the download and infection processes, but both target Brazilian firms. Researchers believe the attacker is from South America, where it would be easiest to use victims’ credentials to carry out fraud. Both campaigns eventually deliver banking Trojans. Researchers also found additional tools and malware hosted in an Amazon S3 bucket.
Read more about these banking malware campaigns on DarkReading.