Oi Fotos, a photo storage Web site in Brazil, has been victimized recently by a phishing-spyware combo.

Figure 1: Screenshot of the legitimate Oi Fotos Web site
The bad guys have taken advantage of the mobile service of Oi Fotos. The phishing email notifies the recipient that photos have been sent to them from a cellular account and invites them to view the photos, which of course requires clicking on the image.
A rough translation of the displayed text is as follows:
"You received a Oi Photos from cellular (0xx) **** - 2981. To see the photos, just click on the image below."

Figure 2: Sample screenshot of the phishing email
Upon clicking as instructed, the recipient is taken to a malicious phishing site, which eventually attempts to install a piece of spyware, a program that monitors and gathers user information (e.g., online banking login credentials) from the victim’s machine.

Figure 3: Sample screenshot of the pop-up window that prompts users to download a spyware file on their systems
Trend Micro already detects the file as MAL_BANKER, a heuristic detection name for files that manifest characteristics similar to those of the TSPY_BANCOS and TSPY_BANKER spyware families. These families can steal online banking information.
The URLs are now blocked by the Trend Micro Smart Protection Network.



