WhatsApp: An email pretending to be an official government WhatsApp communication spreads the Grandoreiro banking Trojan. The known malware tracks users' banking information after it infects the computer.
The malicious file steals banking information through fake pop-ups that resemble official banking websites. In addition, the virus acts as a keylogger, recording the information entered by the victim.
The phishing email, which uses the WhatsApp name, prompts the user to download a backup of the messenger's conversations and call history. The message carries an HTML file as an attachment.
The document "Open_Document_513069.html" contains a shortened URL that, when clicked, takes the user to a page offering a .zip file for download. The archive holds an installer containing the Grandoreiro malware.
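A mail-triage check for the chain described above (an HTML attachment whose only job is to carry a shortened link), added here as an example and not taken from the analysts' report. The shortener list, the function name `triage` and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative shortener list, not taken from the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

class LinkCollector(HTMLParser):
    """Collect link targets from anchors, forms, frames and scripts."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.urls += [a[k] for k in ("href", "src", "action") if a.get(k)]

def triage(raw_email):
    """Return (attachment name, URL) pairs for shortened links in HTML attachments."""
    msg = message_from_string(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        html_name = name.lower().endswith((".html", ".htm"))
        if part.get_content_type() != "text/html" and not html_name:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        collector = LinkCollector()
        collector.feed(body)
        for url in collector.urls:
            host = (urlparse(url).hostname or "").lower().removeprefix("www.")
            if host in SHORTENERS:
                hits.append((name, url))
    return hits

# Constructed sample message; the link and addresses are placeholders.
SAMPLE = """\
Subject: WhatsApp backup
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Open_Document_513069.html"

<a href="https://bit.ly/EXAMPLE">Download</a> <a href="https://example.test/">Help</a>
--XX--
"""
```

A hit is a reason to quarantine the message for review; legitimate mail rarely ships a standalone HTML attachment that only redirects through a shortener.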
According to analysts, this is a new version of the banking Trojan that is already circulating in several Latin-speaking countries, including Brazil. In 2020, the malicious software spread through emails with topics related to COVID-19.