Neymar malware

Have you received an email with the subject “Mostra tudo Video intimo de Neymar e Bruna Marquezinel!!”? Well, if you have, be careful! PandaLabs has detected a malicious attack that uses the name of the FC Barcelona star as bait to install malware on users’ computers.

Neymar has been making headlines during the last few weeks. His controversial transfer to FC Barcelona, which has ultimately led to the resignation of the club’s president, and his alleged split from his girlfriend have put the Brazilian under the spotlight.

Going back to the subject of our post, the malicious email contains a link to download a supposed video. However, the downloaded file is a compressed file called Video_Intimo.zip, which, in turn, contains a file called Video_Intimo.cpl.

Once run, the file opens a Web page with a message indicating that the site is under maintenance and the video cannot be opened. Meanwhile, however, the file connects in the background to a number of Web addresses in an attempt to download and run different malware specimens. These malicious files will vary depending on the source address. According to PandaLabs, in most cases the downloaded malware is a banking Trojan designed to steal banking credentials from users.

The Trojan then downloads 2 executable files and creates a registry entry to ensure that the first file gets run on every system startup. The registry entry is called “GForce Update Monitor”. Finally, the malware copies itself under a random name to a folder called GForceCmp. The name GForce makes reference to the popular Nvidia graphics cards, in an attempt to pass itself off as a harmless file.

How to avoid this malware

First, don’t open the email message. You should never open strange-looking messages or messages from unknown senders. These social engineering techniques are often used by cyber-crooks to spread malware.

Additionally, keep your antivirus software always up to date. This is key to protecting yourself from these attacks. This virus is detected by Panda Security as Tr/Bancker.LDW.

If you suspect your computer may have been infected, use Panda Cloud Cleaner to detect and remove this malware.