Malware Relies on Venezuelan Elections to Disable UAC, Steal Credentials
The threat appears to be developed especially for this country
An interesting piece of malware has started making the rounds in Venezuela after the country’s presidential elections ended. It all starts with a file called listas-fraude-electoral.pdf.exe (“electoral fraud lists”), which is spread via a fake news TV station, Kaspersky Lab experts found.
The curious thing about this piece of malware, identified as Trojan.Win32.Agent.uael, is that it’s designed to target not only regular Venezuelan users, but also government employees.
Once it’s installed on a computer, the threat disables the operating system’s User Account Control (UAC), allowing the cybercriminals to run administrative commands without being restricted in any way.
Then, it silently waits for the victim to visit the website of one of five Venezuelan banks. When one of these sites is visited, the user is taken to a malicious host which allows the attackers to steal his/her online banking credentials.
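The two behaviours described above (UAC switched off, bank sites silently redirected) leave traces an administrator can look for. The script below is an added example, not Kaspersky's code or anything from the article: it reads a registry export and a hosts file and flags the UAC policy values and any monitored domain pinned to an address. The article does not say how the redirection is done; checking the hosts file is an assumption here, and the domain names and the sample data are constructed placeholders, not the five real banks.

```python
"""Audit two indicators described in the article: UAC disabled via policy
values, and banking domains redirected via the hosts file (assumed mechanism).
Registry data is parsed from a `reg export` style dump so the check runs
offline on any platform. Added example, not code from the original page."""
import re

# Real registry location of the UAC policy values on Windows.
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Hypothetical placeholders standing in for the bank / CADIVI domains the
# article does not name; replace with the domains you actually want watched.
MONITORED_DOMAINS = {
    "banco-ejemplo-uno.example",
    "banco-ejemplo-dos.example",
    "cadivi-portal.example",
}


def parse_reg_export(text):
    """Parse .reg / `reg export` lines into {key_path: {value_name: int}} (dword values only)."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = key.group(1)
            result[current] = {}
            continue
        val = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if val and current is not None:
            result[current][val.group(1)] = int(val.group(2), 16)
    return result


def uac_findings(reg):
    """Report UAC policy values that weaken or disable elevation prompting."""
    vals = reg.get(UAC_KEY, {})
    findings = []
    if vals.get("EnableLUA", 1) == 0:          # 1 is the Windows default
        findings.append("UAC disabled: EnableLUA=0")
    if vals.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("Silent elevation: ConsentPromptBehaviorAdmin=0")
    return findings


def hosts_findings(hosts_text, monitored=MONITORED_DOMAINS):
    """Flag hosts-file lines that pin a monitored domain (or a subdomain of it) to an IP."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            n = name.lower()
            if any(n == d or n.endswith("." + d) for d in monitored):
                findings.append(f"hosts line {lineno}: {name} pinned to {ip}")
    return findings


def audit(reg_text, hosts_text):
    """Combine both checks; an empty list means neither indicator is present."""
    return uac_findings(parse_reg_export(reg_text)) + hosts_findings(hosts_text)


# Constructed sample data: UAC turned off, one bank domain redirected.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + UAC_KEY + "]",
    '"EnableLUA"=dword:00000000',
    '"ConsentPromptBehaviorAdmin"=dword:00000005',
])
SAMPLE_HOSTS = "\n".join([
    "# constructed hosts file",
    "127.0.0.1 localhost",
    "203.0.113.10 banco-ejemplo-uno.example www.banco-ejemplo-uno.example",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_HOSTS):
        print(finding)
```

On a live machine the inputs would come from `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" uac.reg` and `%SystemRoot%\System32\drivers\etc\hosts`; a hosts entry for a bank is suspicious regardless of the address it points to, since banks are not normally resolved that way.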
Finally, the malware – most likely operated by Venezuelan cybercriminals – is designed to steal the login credentials of Government employees who sign in to the Comision de Administracion de Divisas (The Commission of Currency Administration) website.
The fact that this government agency’s employees are targeted is not random. The organization is in charge of administrating legal currency exchange in Venezuela.
Geographical distribution of Trojan.Win32.Agent.uael