    9:44 am (UTC-7)   |    by

    Oi Fotos, a photo storage Web site in Brazil, has been victimized recently by a phishing-spyware combo.

    Figure 1: Screenshot of the legitimate Oi Fotos Web site

    The bad guys have taken advantage of the mobile service of Oi Fotos. The phishing email claims that the recipient has received photos from a cellular account and invites the recipient to view them by clicking on the image in the message.

    A rough translation of the displayed text is as follows:

    "You received a Oi Photos from cellular (0xx) **** - 2981. To see the photos, just click on the image below."

    Figure 2: Sample screenshot of the phishing email

    After clicking as instructed, the recipient is taken to a malicious phishing site, which eventually attempts to install a piece of spyware, a program that monitors and gathers user information (e.g., online banking login credentials) from the victim’s machine.

    Figure 3: Sample screenshot of the pop-up window that prompts users to download a spyware file on their systems

    Trend Micro already detects the file as MAL_BANKER, a heuristic detection name for files that manifest characteristics similar to those of the TSPY_BANCOS and TSPY_BANKER spyware families. These families can steal online banking information.

    The URLs are now blocked by the Trend Micro Smart Protection Network.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice