Incidents

Brazilian taxpayers attacked by Trojan

Over the past few days our email honeypots in South America began to receive spam messages that invited recipients to download new forms for filing and paying taxes in Brazil. The links in the emails supposedly lead to Brazil’s federal tax service website. It is tax season in Brazil, so you can be sure that many, many people are looking for tax forms.

In reality, everyone who clicked on the links opened a well-crafted spoofed webpage.

The Trojan is packed with nPack and is 319488 bytes. Luckily, Kaspersky’s Proactive Defense Module detected this Trojan before we had a sample and updated our signatures.

The Trojan is being hosted on a legitimate website – on a real page. The hackers simply added code to the page. The victim of the hack is an ISP based in the US. The site is active, so we are monitoring it in case new modifications are uploaded.

In the meantime, Kaspersky Anti-Virus does detect this Trojan as Trojan-Downloader.Win32.Banload.jbr, so make sure you have updated your databases. And be careful – if something looks fishy during a download; it is possible malware.

Brazilian taxpayers attacked by Trojan

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox