Cybercriminals embed Banking Trojan inside RTF file

If you live in Brazil and are waiting for a bank receipt by email, be careful. Kaspersky security researchers have spotted a spam email in which Brazilian cybercriminals have come up with a new and interesting trick to infect recipients.

The attack starts with a spam email carrying the file "Comprovante_Internet_Banking.rtf" ("Receipt from Internet Banking.rtf") as an attachment.

Usually, the attachment is an executable file masquerading as a PDF file, or an exploit file. Interestingly, in this case it is just an RTF file and not an exploit file. But that doesn't mean the file is innocuous.

When a user opens the RTF file, the document shows an image thumbnail with the message "Click to see in a larger size". You may wonder what could happen when clicking an image thumbnail in an RTF file, but you will be presented with a message saying a CPL file is about to be executed.

Yes, it is malware. Kaspersky detects it as "Trojan.Win32.ChePro", a Brazilian banking trojan written in Delphi.

How did the cybercriminals insert malware inside a document? The RTF format and a few other text editors allow us to insert file objects inside documents, even an executable file. The attackers managed to embed the malware file using this feature.
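
For mail-gateway or triage use, the embedding feature described above can be checked for directly. The following is an added example, not code from Kaspersky or the original article: a heuristic scanner that hex-decodes each `\objdata` group in an RTF file and reports embedded file names with executable extensions. The function names, the extension list and the sample document are assumptions constructed for illustration.

```python
import re

# Extensions Windows will run when an embedded object is activated (assumed list).
RISKY_EXT = (".cpl", ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")

# An embedded object's payload is stored as hex text in a {\*\objdata ...} group.
OBJDATA_RE = re.compile(rb"\{\\\*\\objdata\b([^{}]*)\}", re.S)
# Runs of printable ASCII inside the decoded payload (labels, original paths).
NAME_RE = re.compile(rb"[\x20-\x7e]{3,260}")


def embedded_file_names(rtf_bytes):
    """Return strings found in \\objdata payloads that end in a risky extension.

    Heuristic only: it does not parse the OLE structure, and an RTF that
    interleaves control words with the hex digits can evade it.
    """
    hits = []
    for match in OBJDATA_RE.finditer(rtf_bytes):
        # RTF writers wrap the hex across lines; keep only the hex digits.
        hex_text = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))
        hex_text = hex_text[: len(hex_text) // 2 * 2]  # drop a dangling nibble
        blob = bytes.fromhex(hex_text.decode("ascii"))
        for raw in NAME_RE.findall(blob):
            name = raw.decode("ascii")
            if name.lower().endswith(RISKY_EXT) and name not in hits:
                hits.append(name)
    return hits


def sample_rtf():
    """Constructed sample with a Package-style payload; no real malware content."""
    native = b"\x02\x00receipt.cpl\x00C:\\temp\\receipt.cpl\x00\x00\x00\x03\x00"
    blob = b"\x01\x05\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00Package\x00" + native
    hexed = blob.hex().encode("ascii")
    hexed = hexed[:40] + b"\r\n" + hexed[40:]  # mimic line-wrapped hex
    return (b"{\\rtf1\\ansi Click to see in a larger size"
            b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " + hexed + b"}}}")


if __name__ == "__main__":
    for name in embedded_file_names(sample_rtf()):
        print("embedded executable reference:", name)
```

A non-empty result is a reason to quarantine the attachment for analysis; an empty result does not prove the document is clean.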