Categories: Computer SecurityMalware

New Banking Malware Steal Money From Victim’s Bank Accounts Using Weaponized Adobe Reader

New Banking Malware Steal Money From Victim’s Bank Accounts Using Weaponized Adobe ReaderNew Banking Malware Steal Money From Victim’s Bank Accounts Using Weaponized Adobe Reader

Newly discovered banking malware steal money from targeted victims bank accounts that distributed via malicious Adobe Reader.

A researcher discovered more than 300 unique samples which are used by 200 servers to compromise and steal money from victims bank account especially from  Brazilian credit institutions clients.

This Malware’s unique capability and evasion technique trying to find out whether the injected system has run under a virtual environment, if yes then it automatically terminates itself.

Also, it keeps monitoring the victims Windows local language settings and finds out the Portuguese language in order to avoid infection.

Dr.Web researchers named this malware as  Trojan.PWS.Banker1.28321 and it launch with the name of adobe reader.

Banking Malware Infection Process

The initial infection started by dropping malicious adobe reader applications into victims machine which later drops the VBscript scripts since the malware is written in .NET.

Once the infected users execute the malware then the load script is dropped by standard MSScriptControl.ScriptControl COM object.

Later it connects to attackers command & control server and downloads two ZIP-archives from it.

According to Dr. Web Research, One file contains the obfuscated dynamic library created using Delphi development environment. This library contains the malicious program’s main functions.

After the complete infection, Once the victims open the Internet banking sites of various Brazilian financial institutions such as Santander, Diagnostico BB, Sicredi, etc then it will replace the original web page with malicious fake authentication form.

Finally malware requests to enter an authorization verification code that received from banks then it will send to the attackers.

This scheme of replacing the content of original, user-viewed web pages with the “bank-client” systems is used by many banking Trojans. Often they threaten credit institutions’ clients not only in Brazil but around the world, Dr. Web Said.

Also Read:

Beware!! New Android Malware That Can Read Your WhatsApp Messages & Take Screen Shots

APT Group Uses Dangerous LoJax Malware That Can Survive After OS Re-installation and Hard Disk Replacement

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Leave a Comment
Share
Published by
Balaji
Tags: Adobe Readerbanking malwarecomputer securityMalware
7 years ago

Recent Posts

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series of…

4 hours ago

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers at…

5 hours ago

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities…

6 hours ago

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its…

7 hours ago

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly…

8 hours ago

Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking into…

8 hours ago