Fake AVs are aimed at HSBC users through phishing emails, finds Symantec

Fake, malicious emails are flooding the mail accounts of HSBC users, urging them to install a tainted version of Rapport, one of the trusted security programs that protect online bank accounts from fraud.

The spam campaign targeting HSBC users was detected by Symantec. Its researchers state that financial institutions are mainly targeted and are tricked into installing the purported anti-virus software, which is in fact information-stealing software named W32.Difobot.

The phishing emails claim to be from HSBC, one of the biggest banking and financial services companies in the world, and bear @hsbc.com in the sender's mail ID.

The fake Rapport software, when installed, steals information from the compromised computer. The malware uses Windows GodMode to conceal itself on infected computers. GodMode, also called the Windows Master Control Panel Shortcut, is a shortcut used for accessing several access control settings in certain versions of Windows.

To pass as an authentic and convincing security email, the message features security advisory information and eco-friendly messages.

What does the malware do?

If the malware is triggered, it creates a folder for itself and then uses Windows GodMode to hide itself.

Also, the Trojan modifies registry entries in order to disable notifications and system tools in an attempt to shield itself.

As soon as the threat is rooted in the compromised computer, it communicates with a command-and-control server. This lets the attacker perform actions remotely and steal information, such as financial data, from the infected computer.

However, it is feared that the spam may be part of a larger campaign, as other instances of similar HSBC-themed emails have been observed on other occasions.
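
For defenders, the GodMode hiding described above can be hunted on disk. The following is an added example, not code from Symantec or from the original article: it walks a directory tree for folders whose names end in the GodMode CLSID and flags those that hold files, since a genuine GodMode shortcut is an empty folder. The sample folder and file names are constructed for the demo.

```python
import os
import re
import sys

# CLSID of the Windows "All Tasks" shell folder, the one behind GodMode.
GODMODE_CLSID = "ED7BA470-8E54-465E-825C-99712043E01C"
# Explorer treats a directory named "<name>.{CLSID}" as a shell object.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")


def find_clsid_folders(root):
    """Return (path, clsid, is_godmode, entry_count) per CLSID-suffixed directory."""
    hits = []
    for current, dirs, _files in os.walk(root):
        for name in dirs:
            match = CLSID_SUFFIX.search(name)
            if not match:
                continue
            path = os.path.join(current, name)
            clsid = match.group(1).upper()
            try:
                entries = len(os.listdir(path))  # real on-disk contents
            except OSError:
                entries = -1  # unreadable: report it rather than skip it
            hits.append((path, clsid, clsid == GODMODE_CLSID, entries))
    return hits


def suspicious(hits):
    """A GodMode shortcut is an empty folder on disk; one holding files is not."""
    return [h for h in hits if h[2] and h[3] != 0]


def build_sample_tree(root):
    """Constructed sample layout; all names below are made up for the demo."""
    benign = os.path.join(root, "Desktop", "GodMode.{%s}" % GODMODE_CLSID)
    hidden = os.path.join(root, "AppData", "updater.{%s}" % GODMODE_CLSID.lower())
    os.makedirs(benign)
    os.makedirs(hidden)
    os.makedirs(os.path.join(root, "Documents", "reports"))
    with open(os.path.join(hidden, "payload.bin"), "wb") as fh:
        fh.write(b"constructed placeholder")
    return hidden


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, clsid, _god, entries in suspicious(find_clsid_folders(scan_root)):
        print(f"{path}\t{{{clsid}}}\t{entries} entries")
```

Run it with a directory to scan as the first argument; each flagged folder is printed with its CLSID and on-disk entry count.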

FAQ
Q
We want to try out Symantec Endpoint Protection Cloud. How can we do that?
A
Anyone can start a free 60-day trial from the Symantec Endpoint Protection Cloud home page. You can use the Buy Now option on the Subscriptions page to convert your subscription from trial to paid.
Q
What is a phishing email and how can it be recognised?
A
Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information. Give a fake password. If you are not sure whether a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site.
Q
What can a phishing email do?
A
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. ... Phishing emails may contain links to websites that distribute malware.