WhatsApp: An email pretending to be an official WhatsApp communication is spreading the banking trojan Grandoreiro. The well-known malware tracks users’ bank details after infecting the computer.
The malicious file steals banking credentials through fake pop-ups that imitate official banking websites. The virus also acts as a keylogger, recording the information the victim types.
The phishing email, which uses the WhatsApp name, prompts the user to download a backup of the messenger’s conversations and call history. The message includes an HTML file as an attachment.
The document “Open_Document_513069.html” contains a shortened URL that, when clicked, takes the user to a page offering a .zip file for download. The archive contains an installer carrying the Grandoreiro malware.
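The delivery chain described above (an HTML attachment whose link goes through a URL shortener) can be checked for at the mail gateway or during triage. The following is an added example, not code from the campaign analysis: the shortener list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, non-exhaustive list of URL-shortener hosts; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly", "rebrand.ly"}

class LinkCollector(HTMLParser):
    """Collects URLs found in href, src and form action attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("href", "src", "action") and value:
                self.urls.append(value)

def find_shortened_links(raw_message: bytes):
    """Return (attachment name, URL) pairs for shortener links in HTML attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        if not is_html and not name.lower().endswith((".html", ".htm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        collector = LinkCollector()
        collector.feed(body)
        for url in collector.urls:
            if (urlparse(url).hostname or "").lower() in SHORTENERS:
                hits.append((name, url))
    return hits

def build_sample(link="https://bit.ly/EXAMPLE"):
    """Constructed sample message; the link is a placeholder, not a campaign URL."""
    msg = EmailMessage()
    msg["Subject"] = "Backup of your conversations"
    msg.set_content("Your chat backup is attached.")
    msg.add_attachment(f'<a href="{link}">Open backup</a>', subtype="html",
                       filename="Open_Document_513069.html")
    return msg.as_bytes()
```

A hit is a reason to quarantine the message or expand the link in a sandbox, not proof of malware on its own.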
According to analysts, this is a new version of the banking trojan that has already circulated in several Latin-speaking countries, including Brazil. In 2020, the malicious software spread through emails with topics related to COVID-19.