ESET takes deep dive into Latin American banking trojans, starting with new Amavaldo malware family

Next story

BRATISLAVA, August 1, 2019 ESET, a global leader in cybersecurity, today published research into the infamous Delphi-written banking trojans known to target Latin America. After studying the malware distribution chains and internal banking trojan behavior, the ESET research team has identified more than ten new malware families, including the new Amavaldo malware family.

Banking trojans specifically targeting Latin America share a set of common characteristics. They are written in the Delphi programming language, contain backdoor functionality, abuse legitimate tools and software, and target Spanish- or Portuguese-speaking countries.

Unlike most banking trojans, those targeting Latin America use a form of social engineering. They continuously detect active windows on the victim’s computer, and if they find one related to a bank, they launch an attack. These attacks are usually centered on persuading the victim to take an urgent or necessary action, often in the form of a software update, or verification of credit card information or bank account credentials.

The newly identified Amavaldo malware family can be characterized by its use of a custom encryption scheme used for string obfuscation. Similar to other banking trojans, the Amavaldo malware family utilizes backdoor commands once it has infiltrated, including obtaining screenshots, capturing photos of the victim via webcam, restricting access to various banking websites, and mouse and keyboard simulation.

Amavaldo uses a sophisticated attack technique – after detecting a bank-related window, a screenshot is taken of the desktop and made to look like the new wallpaper. A fake pop-up window is then displayed, preventing the victim from interacting with anything else outside of the window. ESET believes the malicious files used to infect the victim’s device are spread through an email spam campaign, with the files disguised as legitimate PDFs.

The Amavaldo malware has targeted Brazilian and Mexican banking applications.

To find out more about how ESET can protect you against malware, visit www.eset.com

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedInFacebook and Twitter.