The attackers are trying to distribute the Bancos Trojan

Dec 17, 2013 12:29 GMT

Researchers from Trend Micro have come across an interesting cybercriminal operation that uses malicious control panel (CPL) files in order to infect devices with malware.

The attack starts with a spam email that usually appears to be related to financial matters. These bogus notifications carry an RTF document.

When the document is opened, victims are presented with a thumbnail and a piece of text that instructs them to double-click on the image in order to enlarge it.

In reality, the RTF document file contains a malicious CPL file (TROJ_CHEPRO.CPL). When the image is clicked, the embedded file is executed.
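For defenders triaging attachments, the embedding described above can be checked statically. The following is an added example, not code from Trend Micro or from the original article: it decodes the hex data that follows each `\objdata` control word in an RTF file and flags objects that name a `.cpl` file or carry a PE image (a CPL file is a Windows DLL). The sample inputs are constructed and simplified, and RTF that obfuscates its object data is out of scope.

```python
import binascii
import re
import struct

# Embedded OLE objects in RTF are hex text following the \objdata control word.
OBJDATA_RE = re.compile(rb"\\objdata([0-9a-fA-F\s]+)")
# A printable, NUL-terminated file name ending in .cpl inside the decoded object.
CPL_NAME_RE = re.compile(rb"([\x20-\x7e]{1,255}\.cpl)\x00", re.I)

def has_pe_image(blob: bytes) -> bool:
    """True if blob holds an MZ header whose e_lfanew points at a PE signature."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                return True
        pos = blob.find(b"MZ", pos + 1)
    return False

def scan_rtf(data: bytes) -> list:
    """Return one finding per embedded object that names a .cpl or carries a PE."""
    findings = []
    for match in OBJDATA_RE.finditer(data):
        hex_text = b"".join(match.group(1).split())
        hex_text = hex_text[:len(hex_text) // 2 * 2]  # drop a dangling nibble
        blob = binascii.unhexlify(hex_text)
        names = [n.decode("ascii") for n in CPL_NAME_RE.findall(blob)]
        pe = has_pe_image(blob)
        if names or pe:
            findings.append({"cpl_names": names, "has_pe": pe})
    return findings

def constructed_samples():
    """Constructed test data: a simplified object body, not a real sample."""
    pe_stub = bytearray(0x44)
    pe_stub[0:2] = b"MZ"
    pe_stub[0x3C:0x40] = struct.pack("<I", 0x40)
    pe_stub[0x40:0x44] = b"PE\0\0"
    body = b"\x02\x00invoice.cpl\x00C:\\Temp\\invoice.cpl\x00" + bytes(pe_stub)
    wrap = lambda b: (b"{\\rtf1{\\object\\objemb{\\*\\objdata "
                      + binascii.hexlify(b) + b"}}}")
    return wrap(body), wrap(b"\x89PNG\r\n\x1a\n plain image bytes")

if __name__ == "__main__":
    suspicious, benign = constructed_samples()
    print(scan_rtf(suspicious))
    print(scan_rtf(benign))
```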

The Trojan connects to a remote server and downloads a variant of the information-stealing malware known as Bancos. This particular threat has been mainly observed in Latin America.

Trend Micro says that only a small number of infections have been spotted. However, the use of control panel files could become more popular among cybercriminals if this campaign turns out to be effective.

Update. This particular type of attack was described by experts from Kaspersky back in early November.