Just because a malicious attack is happening in a region across the globe doesn’t mean that your country will be spared. Malware moves fast, and is currently out of control. No one seems to be spared or protected enough… including Google.
The Telax banking Trojan has been discovered exploiting Google’s Cloud platform and targeting Portuguese-speaking users in Brazil.
Before security researchers at Zscaler detected it, the malicious campaign had been active for quite some time. According to the research, more than 100,000 users had been affected by it. Victims were tricked by social engineering schemes (phishing) and prompted to click on malicious bit(dot)ly links. Classic approaches were used, such as luring users with fake promotions, coupons, and free applications like Avast and WhatsApp.
Telax Version 4.7 Malicious Payload
Clicking on the malicious link triggered a download of a .com or .exe file hosted on Google Cloud. Once the file was executed, the installation of a payload downloader was initiated. A payload downloader is a computer threat aimed at downloading and installing other malware. The payload downloader in this particular attack downloaded the Telax banking Trojan. The version used in the scenario was discovered to be 4.7. For now, only customers of Brazilian banks have fallen victim to Telax banking malware.
According to researchers, Telax is a sophisticated and complex Trojan with a modular structure. Its command & control server was used to exfiltrate harvested information. Telax was also compatible with both 32- and 64-bit systems. Another sophisticated feature found within the Trojan’s design was its ability to check for reverse engineering environments.
In addition, Telax was also equipped with tools to capture and bypass two-factor authentication.
The campaign was active in October. It was stopped when Google took down the malicious files hosted on its cloud service.
Banking Malware Is on the Rise
With the arrival of the winter holidays, banking malware is one of the biggest online threats. A new term has been coined for this particular time of the year – Christmas Malware.
Here are several tips to follow to protect your banking information:
- Apply for online access to your credit card via the credit card issuer’s page.
- Make sure to regularly check your credit statement and verify your transactions.
- Look for suspicious $1 charges – crooks would check if your card works by making such ‘donations’.
- If a suspicious transaction is present in your bank card statement, contact your bank immediately. Fraudulent charges may be reversed, and your account would be frozen to keep the crooks’ activity from continuing.
- In case of a security breach in a company you are a customer of, be extra cautious. Your credentials and balance may not be affected, but this is no guarantee of your future safety. Contact your bank for advice. Also, keep in mind that cyber criminals may hold on to a stolen credit card number. The 16-digit credit card number is often sold on the black market.
- Be smart and protect your personal information:
  – Social security number;
  – Date of birth;
  – PIN codes;
  – Banking credentials;
  – Website logins;
  – Web searches.
- Maintain a powerful anti-malware tool. Sometimes several tools for user protection can be applied to reduce the possibility of an attack to a minimum. Also, improve your browser’s settings and browsing habits.
- Avoid using the ‘remember password’ option. Instead, keep all your logins and credentials offline, and change them frequently. Use stronger passwords: combinations of numbers, upper case letters, symbols, etc.