New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software
10th May, 2018, By Eleven Paths
ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably coming from KL Kit,) through using a new technique to bypass the SmartScreen reputation system and avoid detection in Windows. It targets mainly Chilean banks, and this Trojan downloads legitimate programs and uses them as a “malware launcher” injecting itself inside, in order to take advantage of “dll hijacking” problems in the software. In this way, the malware can be launched “indirectly”, and bypass the SmartScreen reputation system and even some antiviruses.
Amongst the ransomware plague, Banking Trojans are still alive. ElevenPaths has analyzed N40, which is an evolving malware that is quite interesting, in relation to the way it tries to bypass detection systems. The trojan is, in some ways, a classical Brazilian banking malware that steals credentials from several Chilean banks, but what makes it even more interesting are some of the features it includes, which are not that common in this kind of malware.
Powered by WPeMatico