The Latest in IT Security

Brazilians, banking Trojans and social engineering

22 Jul 2011

Maybe you don’t know this, but many guys here in the lab can tell you where a banking Trojan is from just by taking a look at it for a few seconds. There are a number of different banking Trojan families, but once you have analyzed thousands of them it’s really easy to group them by origin. In the case of the Brazilian ones, there are a number of tips that can be used:

– Size of the file (yeah, I know this is pretty basic, but these Trojans are way bigger than the average)
– Programming language (Delphi)
– Text strings (usually names of Brazilian or South American banks)
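As an added example (not the lab’s own tooling), here are the three triage tips above turned into a small Python scoring script. The 1 MiB size threshold, the Delphi marker strings and the bank-name list are my assumptions, and the sample binary is constructed inline:

```python
"""Heuristic triage for the traits the post attributes to Brazilian banking
Trojans: unusually large file, Delphi build, bank-name strings.
Added example; thresholds and string lists are assumptions, not lab data."""
import re
from dataclasses import dataclass

# Assumed: anything above 1 MiB counts as "way bigger than average" for a Trojan.
LARGE_FILE_BYTES = 1024 * 1024
# Strings the Delphi compiler/runtime typically leaves in an executable.
DELPHI_MARKERS = (b"Borland", b"Delphi", b"Embarcadero", b"SysInit")
# Illustrative sample of Brazilian bank names; extend for real use.
BANK_NAMES = ("Banco do Brasil", "Bradesco", "Caixa", "Santander", "Banrisul")

@dataclass
class TriageResult:
    large_file: bool
    delphi: bool
    banks: list

    @property
    def score(self) -> int:
        return int(self.large_file) + int(self.delphi) + int(bool(self.banks))

    @property
    def verdict(self) -> str:
        return "likely Brazilian banker" if self.score >= 2 else "inconclusive"

def printable_strings(data: bytes, min_len: int = 5) -> list:
    # ASCII and UTF-16LE runs; Delphi GUI resources often store text as UTF-16LE.
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([s.decode("ascii") for s in ascii_runs]
            + [s.decode("utf-16le") for s in wide_runs])

def triage(data: bytes) -> TriageResult:
    joined = "\n".join(printable_strings(data)).lower()
    banks = sorted(b for b in BANK_NAMES if b.lower() in joined)
    return TriageResult(large_file=len(data) > LARGE_FILE_BYTES,
                        delphi=any(m in data for m in DELPHI_MARKERS),
                        banks=banks)

# Constructed sample: zero padding past the size threshold, a Delphi registry
# path string, one bank name as UTF-16LE and one as ASCII.
SAMPLE = (b"MZ" + b"\x00" * (LARGE_FILE_BYTES + 64)
          + b"SOFTWARE\\Borland\\Delphi\\RTL\x00"
          + "Banco do Brasil".encode("utf-16le") + b"\x00\x00Bradesco\x00")

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result.verdict, result.score, result.banks)
```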

And I’m only talking about the binary file. If we take a look at the distribution methods, we can obtain more leads. Unlike the rest of the world, these Brazilian cybercriminals don’t use infection kits (MPack, etc.) but only social engineering techniques, which seems to be good enough for them. One of the latest cases we have seen was using the current president of Brazil, Dilma Rousseff, as bait. They usually spread the malware via e-mail in spam messages, or in Internet forums and social networks:

In this case the downloaded file is the Trojan Nabload.DUF. Taking a look at the server where the file is hosted, we were able to find one folder with a different file (another Nabload):

My Brazilian Portuguese is not great, but it is good enough to understand that they are talking about Juju, Nicole and a video. But who are Nicole and Juju? Using one of the Internet’s most powerful weapons, a search engine, we find out who Nicole and Juju are:

Nicole Bahls

Juju Salimeni


Now I know what kind of social engineering this one is ;)

Even though the file was uploaded in April, we found some spam messages distributed in July:

Remember that we are the weakest link in security, and no matter how many security measures we take, there is not -yet- an antivirus for human beings ;)
