ThreatTrack Security has analyzed the latest version of the threat

Jun 7, 2013 19:01 GMT

Last year, security researchers uncovered a new piece of malware mainly designed to target the systems of Russian Internet users. According to experts, the threat, dubbed Bicololo, has evolved.

ThreatTrack Security identified a new version of the malware on a shady Russian Android app site. The malicious element was disguised as one of the company’s products, VIPRE Antivirus.

After analyzing the app site, experts have determined that its sole purpose is to distribute malware disguised as software, games, movies and music. To make it more legitimate looking, the logos of various IT security companies are displayed on the website.

When users press the button to download the bogus antivirus, they’re served an archive file that contains an executable, “_vipre.exe”, and a text file.

Once run, the executable deploys other malicious files. The HOSTS file on the infected system is modified so that whenever victims visit certain websites, such as my.mail.ru, odnoklassniki.ru, ok.ru, m.odnoklassniki.ru or vk.ru, they’re redirected to corresponding phishing pages.
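As an added illustration of the HOSTS-based redirection described above (this is not code from ThreatTrack or the original article), a small checker that parses a HOSTS file and reports any entry pinning one of the named sites to an address. The sample HOSTS text and the 192.0.2.10 address are constructed placeholders, not indicators from the report.

```python
import ipaddress

# Sites the article says the malware redirects through HOSTS entries.
WATCHED_DOMAINS = {
    "my.mail.ru", "odnoklassniki.ru", "ok.ru", "m.odnoklassniki.ru", "vk.ru",
}

# Constructed sample HOSTS content: stock localhost lines plus entries of the
# kind described. 192.0.2.10 is a documentation-range placeholder, not an IoC.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      my.mail.ru
192.0.2.10      odnoklassniki.ru ok.ru
127.0.0.1       vk.ru
"""

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower().rstrip("."), line_no

def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return (line_no, host, ip, reason) for watched sites mapped in HOSTS."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        # A clean HOSTS file has no reason to map these sites at all: loopback
        # silently blocks them, anything else routes traffic to a foreign host.
        if addr.is_loopback or addr.is_unspecified:
            findings.append((line_no, name, ip, "site blocked via loopback"))
        else:
            findings.append((line_no, name, ip, "redirected to remote host"))
    return findings
```

On a live system, point `find_hijacks` at the contents of `%SystemRoot%\System32\drivers\etc\hosts` (or `/etc/hosts`) instead of `SAMPLE_HOSTS`.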

ThreatTrack Security’s Jovi Umawing reports that the phishing pages are well designed.

Additional technical details regarding this Bicololo variant are available on ThreatTrack Security’s blog.