Malware Relies on Venezuelan Elections to Disable UAC, Steal Credentials

The threat appears to be developed especially for this country

By Eduard Kovacs on October 12th, 2012 12:49 GMT

An interesting piece of malware has started making the rounds in Venezuela after the country’s presidential elections ended.

It all starts with a file called listas-fraude-electoral.pdf.exe (Fraud election lists), which is spread via a fake news TV station, Kaspersky Lab Experts found.

The curious thing about this piece of malware, identified as Trojan.Win32.Agent.uael, is that it’s designed to target not only regular Venezuelan users, but also government employees.

Once it's installed on a computer, the threat disables the operating system's User Account Control (UAC), allowing the cybercriminals to run administrative commands without being restricted in any way.

Then, it silently waits for the victim to visit the website of one of five Venezuelan banks. When one of these sites is visited, the user is redirected to a malicious host, which allows the attackers to steal his/her online banking credentials.

Finally, the malware – most likely operated by Venezuelan cybercriminals – is designed to steal the login credentials of government employees who sign in to the Comision de Administracion de Divisas (The Commission of Currency Administration) website.

The fact that this government agency's employees are targeted is not random. The organization is in charge of administering legal currency exchange in Venezuela.
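As an added defender-side example (not code from the article or from Kaspersky), the following Python checks for the two symptoms described above: UAC switched off, and bank or agency domains pointed at a host the attacker controls. It assumes the redirection is done by tampering with the Windows hosts file, which the article does not state, and the watched domains and hosts-file content are constructed samples rather than the real sites.

```python
import re

# Constructed sample: placeholder domains, not the banks or agency site named in the article.
WATCHED_DOMAINS = {"banco-ejemplo.example", "divisas-portal.example"}
SAMPLE_HOSTS = """127.0.0.1   localhost
::1         localhost
203.0.113.7 www.banco-ejemplo.example   # bank name resolved to a foreign host (constructed)
127.0.0.1   divisas-portal.example
"""
LOOPBACK = re.compile(r"^(127\.|::1$|0\.0\.0\.0$)")
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"  # under HKLM

def uac_findings(enable_lua, consent_prompt_behavior_admin):
    """Interpret the two UAC registry DWORDs; an empty list means UAC looks intact."""
    findings = []
    if enable_lua == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if consent_prompt_behavior_admin == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without any prompt")
    return findings

def suspicious_hosts_entries(hosts_text, watched_domains):
    """Return (ip, hostname) pairs that point a watched domain at a non-loopback address."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if LOOPBACK.match(ip):                    # blocklist-style entries are harmless
            continue
        for name in names:
            bare = name.lower()
            if any(bare == d or bare.endswith("." + d) for d in watched_domains):
                hits.append((ip, bare))
    return hits

def read_uac_from_registry():
    """Windows only: read the live values with the standard-library winreg module."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        enable_lua = winreg.QueryValueEx(key, "EnableLUA")[0]
        cpba = winreg.QueryValueEx(key, "ConsentPromptBehaviorAdmin")[0]
    return uac_findings(enable_lua, cpba)

if __name__ == "__main__":  # offline demo on the constructed sample; on Windows also
    print(uac_findings(0, 0))  # call read_uac_from_registry() and feed the real hosts file
    print(suspicious_hosts_entries(SAMPLE_HOSTS, WATCHED_DOMAINS))
```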
Figure: Geographical distribution of Trojan.Win32.Agent.uael