Massive spam campaign hits banks in Chile

S21sec has detected an ongoing spam campaign targeting online banking users of Chilean banks. The campaign is hitting around ten banks in the country, including BBVA, Santander and Itaú, among others.

The fake message pretends to be sent from a law firm, warning the potential victim that he has debts and that a copy of the claim is attached to the e-mail. However, instead of a PDF document, the download link directs the user to a malicious JavaScript file that downloads additional malware onto the system. The JavaScript file is highly obfuscated, and currently only 27% of AV vendors detect it: https://www.virustotal.com/en/file/b404a78f63eb0b2f381429d63900483c081c53c52295737fcf8ee21a6d3e5d9c/analysis/

The spoofed e-mail message is shown below:

[Image: the spoofed e-mail message]

The detection ratio of the downloaded malware (config.exe) is somewhat worse, at only 11% based on VirusTotal statistics: https://www.virustotal.com/en/file/12f3b383f308eb1bf22b9123fbeb188ac607715e64154788de02c568126408d0/analysis/

This payload is a dangerous banker trojan that tries to mislead the unsuspecting victim into thinking that her bank is performing additional security verifications for her own good. The victim is asked to type in the two-factor authorization security code that has just been sent to her mobile device. The message also states that the transaction details are fictitious and not real:

 

[Image: the fake security verification message shown to the victim]

Here is the complete list of targeted banks. Please be careful if you are a customer of any of them:

- CorpBanca
- BBVA
- Banco de Chile
- Itaú
- Banco Security
- Banco Internacional
- BancoEstado
- Santander
- Banco Falabella

S21SEC’S ADVANCED CYBERSECURITY SERVICES TEAM