S21sec has detected an ongoing spam campaign targeting netbank users of Chilean banks. The campaign is hitting around ten banks in the country, including BBVA, Santander and Itaú, among others.
The spoofed e-mail message is shown below:
The detection ratio of the downloaded malware (config.exe) is somewhat worse, only 11% based on VirusTotal statistics: https://www.virustotal.com/en/file/12f3b383f308eb1bf22b9123fbeb188ac607715e64154788de02c568126408d0/analysis/
This payload is a dangerous banker trojan that attempts to mislead the unsuspecting victim into thinking that her bank is performing additional security verifications for her own good. The victim is asked to type the two-factor authentication security code that has just been sent to her mobile device. The message also states that the transaction details are fictitious and not real:
Here is the complete list of targeted banks. Please be careful if you are a customer of any of them:
-Banco de Chile