ESET takes deep dive into Latin American banking trojans, starting with new Amavaldo malware family
Created: 2019-08-01 17:00:00
BRATISLAVA - ESET, a global leader in cybersecurity, has undertaken research into the infamous Delphi-written banking trojans known to target Latin America. After studying the malware distribution chains and internal banking trojan behavior, the ESET research team has identified more than ten new malware families, including the new Amavaldo malware family.
Banking trojans specifically targeting Latin America share a set of common characteristics. They are written in the Delphi programming language, contain backdoor functionality, abuse legitimate tools and software, and target Spanish or Portuguese-speaking countries.
Unlike most banking trojans, those targeting Latin America use a form of social engineering. They continuously detect active windows on the victim’s computer, and if they find one related to a bank, they launch an attack. These attacks are usually centered on persuading the victim to take an urgent or necessary action, often in the form of a software update, or verification of credit card information or bank account credentials.
The newly identified Amavaldo malware family is characterized by a custom encryption scheme used for string obfuscation. Like other banking trojans, Amavaldo supports backdoor commands once it has infiltrated a machine, including obtaining screenshots, capturing photos of the victim via webcam, restricting access to various banking websites, and simulating mouse and keyboard input.
Amavaldo uses a sophisticated attack technique – after detecting a bank-related window, it takes a screenshot of the desktop and displays it as the new wallpaper. A fake popup window is then shown over it, preventing the victim from interacting with anything outside of that window. ESET believes the malicious files used to infect the victim’s device are spread through an email spam campaign, with the files disguised as legitimate PDFs.
The Amavaldo malware has targeted Brazilian and Mexican banking applications.
To find out more about how ESET can protect you against malware, visit https://eset.version-2.sg
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.