A new malware has been discovered, targeting bank customers, which seeks to steal passwords and Bitcoin from crypto-currency wallets.
The discovery was made by security vendor Cyren who considers this to be a massive outbreak of malware. This time, the malware is a keylogger that ends up on people’s computers as an attachment to emails regarding fake bank transfers.
The emails seem to come from bots in the United States and Singapore and appear to come from a number of banks, including Emirates. Typically, the email subject includes financial details such as online “wire transfer payment notification,” while the attachments come with some type of “swift” variation included. These are SWIFT codes, used to identify banks and financial institutions for fund transfers, making the emails seem genuine.
Malware works around the clock
Even though the files may appear to be PDF, for instance, they are instead executable files. Cyren says that once it is executed, the file deletes itself and creates a new file called “filename.vbs” in the Windows startup folder. Every time the computer is booted, the script runs, executing the malware.
In short, it starts collecting passwords and other sensitive information, focusing on FTP and web browsing software, both rich in credential data, as well as email tools. It collects everything from stored passwords and usernames, browsing history, cookies, and more.
If there are any crypto-currency wallets on the computer it will look for those too. The list of currency it tries stealing is fairly long and includes Bitcoin, Litecoin, Namecoin, and more.
The malware is essentially a keylogger, so everything you type on your keyboard and everywhere you place your mouse will be recorded.
That being said, you should pay extra attention to any email you receive telling you of payments or transfers you were not expecting.