Dangerous Trojan specializes in robbing the bank accounts and credit cards!

Experts from G Data Security Labs warn against a new wave of malware - spam that seeks to holders of credit cards and online banking users.

From Wednesday 18 November, have sent millions of emails with false requests for payment. In these emails requesting online banking customers to pay outstanding amounts or using a tool attached to decline the subscription.

The attached "module.zip" contains an executable file that installs a Trojan on the computer with the aim of recording the credit card numbers and online banking access. In addition, Trojan.Win32.Sasfis.vbw connects to servers in Ukraine and the United States to download and install new malware information. Have been sent these false requests for payment on behalf of multinationals such as Microsoft, Citrix, Delta Airlines, Starbucks, Yahoo, Novell, Black & Decker or Avis.

Screenshot of a fraudulent claim for payment

The modus operandi

The victim receives an email containing a payment request issued by a well known multinational company, including Microsoft, NBC Universal, Black & Decker, Steinway & Sons, Airways, Delta and Avis.

The email includes an attached program called "modulo.exe" in a zip file that the user must run to cancel the said payment. The file in question turns out to be a Trojan horse that is entered into the system, running operations in the background and nbuevo makes downloading malicious code. A back door will function as a team under the control of the scammers, and can be used for all types of illegal activities.