Scams are increasingly common in Spain. They are also the favorite technique of cybercriminals for obtaining personal information or bank data. They come in all types: messages that promise prizes, emails with alleged rewards, and supposed entities demanding some type of bank documentation, which in reality is an attempt at fraud.
Recently, the cybersecurity company ESET detected a new campaign spreading the Grandoreiro banking Trojan through fraudulent emails. Specifically, the scammers are impersonating the energy company Endesa, sending victims an email with an alleged invoice so that they download and execute a malicious file.
The new scam that impersonates Endesa
As we can see in the images below, the email contains an alleged Endesa bill, but before believing that it is a legitimate document, we must check the sender of the email.
In this case, the message identifier betrays an email address with a Zimbabwe domain. In addition, if we check where the provided link takes us before clicking on it, we can find details indicating that we are facing an impersonation. Specifically, we see that we are redirected to the download of a ZIP file hosted on a server in Portugal.

At this point, we can see that the cybercriminals encourage victims to download a ZIP compressed file containing an MSI installer. If the user unfortunately falls into the trap, the malicious file runs and shows a progress bar as a distraction while the Trojan performs its function.
As for the rest of the infection chain, the MSI file is used to download and install an executable, which is what contains the banking Trojan code itself. Once the Trojan manages to run successfully on the victim's system, it proceeds to steal every credential the user enters, especially those related to online banking.
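The sender and link checks described above can be automated for mail triage. The following is an added example, not code from ESET or from the original article; the trusted domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"endesa.com"}  # assumption: domains the real brand sends from
RISKY_EXT = (".zip", ".msi")      # file types named in the article's infection chain
# Constructed sample message, not the real campaign e-mail.
SAMPLE_EML = """\
From: "Endesa" <facturas@mail.example.co.zw>
Subject: Su factura de Endesa
Content-Type: text/html; charset="utf-8"

<p>Descargue su factura:</p>
<a href="https://files.example.pt/docs/factura.zip">https://www.endesa.com/factura</a>
"""

class LinkCollector(HTMLParser):
    """Collect href targets, which can differ from the visible link text."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    findings = []
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href in parser.links:
        url = urlparse(href)
        if not is_trusted(url.hostname):
            findings.append(f"link host not trusted: {url.hostname}")
        if url.path.lower().endswith(RISKY_EXT):
            findings.append(f"link downloads archive or installer: {url.path}")
    return findings
```

Calling `triage(SAMPLE_EML)` reports all three signals the article mentions: the foreign sender domain, the link host that does not match the displayed brand URL, and the ZIP download.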

