14 DAY TRIAL // Security researchers from Kaspersky warn of an email-based attack directed at Brazilian online banking users, which uses real names and national identification numbers, to trick them into downloading a trojan.
The fake emails are crafted to appear as originating from Banco Itaú, one of the largest banks in Brazil, and notify users of a mandatory update for the iToken secure authentication device.
The alleged download link for the new iToken version 1.3, which is included in message, leads to a page serving a malicious executable.
This file is the installer for a computer trojan designed to steal online banking credentials and other sensitive information. Kaspersky Lab products detect the threat as Trojan-Downloader.Win32.Delf.agkm.
Banking trojans and phishing attacks are very common in the Brazil, but the use of real CPF (Natural Persons Register) numbers is what makes this one stand out from the crowd.
CPFs are the Brazilian equivalent to Social Security numbers and unfortunately they add a lot of credibility to the rogue emails.
"The number is unique and is a prerequisite for a series of tasks like opening bank accounts, to get or renew a driver’s license, buying or selling real estate, receiving loans, applying for jobs (especially public ones), getting a passport or credit cards.
"Using such data it is possible to for a cybercriminal to impersonate the victim and steal his identity in order to access resources or obtain credit and other benefits in that person's name," explains Fabio Assolini, a researcher with Kaspersky Lab Brazil.
This information could only have been obtained as a result of a data breach incident, however, it doesn't mean that the same attackers are responsible for it.
Unfortunately, in Brazil one can easily acquire stolen personal information. CDs with names and CPF numbers sell on local auction sites and Internet forums for around $190.
