Panda Security’s anti-malware laboratory, has detected a new banking Trojan, Nabload.DUF, which uses supposed confidential information obtained from the personal computer of Brazilian President Dilma Rousseff to spread. The Trojan claims to grant users access to personal photos and the email account of Brazil’s first female president.
These Trojans use social engineering techniques to trick users into clicking on malicious links or downloading malware by exploiting the latest news, controversial issues or celebrity videos. These malicious links are typically spread by spam emails or posted on forums and social networking sites.
“Brazilian banking Trojans often use social engineering techniques to spread. Malware writers love to exploit hot topics to attract the attention of potential victims. It’s like the old saying, ‘Curiosity killed the cat’”, explained Luis Corrons, technical director of PandaLabs.
Apart from Brazil’s new president, attackers are using other more explicit topics to spread their creations. PandaLabs has detected a link with claims to contain videos of two famous Brazilian models (Nicole Bahls and Juju Salimeni) which could also compromise the security of curious users.
“These Trojans are extremely dangerous as they are designed to steal users’ online banking credentials. If an infected user tries to conduct an online financial transaction, the Trojan will take them to a fake website where it will be able to steal their passwords and, worse still, their money” added Corrons.