Brazilian Banking Trojan Disguises Itself as Avast! Antivirus

The threat attempts to remove legitimate security solutions

By on February 6th, 2013 13:15 GMT

A lot of interesting things are happening in Brazil these days, at least as far as malware research is concerned. Earlier today, we learned of a Trojan that used valid digital certificates, and now we find out there’s a threat that disguises itself as Avast! Antivirus.

The banking Trojan, developed in Delphi, is distributed via email along with several other malicious and non-malicious files, Kaspersky experts explain.

Once it’s installed on a computer, the threat hides itself in the system tray as Avast! Antivirus. The icon makes it appear genuine, but when it’s clicked, the victim is presented with an alert which reads “Your Avast! Antivirus is being updated, wait,” or “Avast! antivirus: Attention, your system is protected.”

So why disguise their creation as Avast! Antivirus? Avast products are very popular in Brazil, so the malware is less likely to raise any suspicions.

Besides the module that mimics Avast! Antivirus, the malware also drops a module which attempts to remove other legitimate security solutions, including ones from Kaspersky, AVG, Norton, Microsoft, Avira, Avast, ESET, McAfee and Panda.
