Welcome to the Virus Encyclopedia of Panda Security.
It is designed to steal users' banking details belonging to certain Brazilian banking entities. It reaches the computer in a file with the typical icon of the Internet Explorer browser.
|First detected on:||May 3, 2010|
|Detection updated on:||June 2, 2010|
|Yes, using TruPrevent Technologies
Banbra.GRW is a Trojan designed to steal users' banking details belonging to a certain Brazilian banking entities. In order to do so, when users access the website belonging to certain banking entities, that website is opened in a browser specially designed by the Trojan with malicious intention.
The website it displays is identical in appearance to the original one and in the address bar the page is the same as the original. However, it is a copy of the real website. If users enter their bank data in that website, it will fall into the hands of the creator of the Trojan.
Banbra.GRW reaches the computer in a file with the Internet Explorer icon. It does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.
Banbra.GRW is difficult to recognize, as it does not display messages or warnings that indicate it has reached the computer.
Curiously, if the version of the browser is not in Portuguese, the users who access the affected websites will see that the language of the browser has changed and it is now in Portuguese, as can be seen in the following images:
And more detailed: