
Fake AVs are aimed at HSBC users through phishing emails, finds Symantec

Fake, malicious emails are flooding HSBC users' mail accounts, urging them to install a tainted version of Rapport, a trusted security program that protects online bank accounts from fraud.

The spam campaign targeting HSBC users was detected by Symantec. Symantec researchers state that financial institutions are the main targets and are tricked into installing what is presented as anti-virus software but is in fact information-stealing software named W32.Difobot.

The phishing emails claim to come from HSBC, one of the biggest banking and financial services companies in the world, and carry @hsbc.com in the sender address.

The fake Rapport software, once installed, steals information from the compromised computer. The malware uses Windows GodMode to conceal itself on the infected computer. GodMode, also called the Windows Master Control Panel shortcut, is a shortcut for accessing several control settings in certain versions of Windows.

To pass as an authentic and convincing security email, the message features security advisory information and eco-friendly messages.

What does the malware do?

If the malware is triggered, it creates a folder for itself and then uses Windows GodMode to hide itself.

Also, the Trojan modifies registry entries in order to disable notifications and system tools in an attempt to shield itself.

Once the threat is established on the compromised computer, it communicates with a command-and-control server. This lets the attacker perform actions remotely and steal information, such as financial data, from the infected computer.

However, it is feared that the spam may be part of a larger campaign, as other instances of similar HSBC-themed emails have been observed on other occasions.
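A defender-side check for the GodMode hiding trick described above, added here as an example and not taken from Symantec's report or the original article: it walks a directory tree and flags folders whose names end in a `.{CLSID}` suffix, marking the GodMode CLSID and whether the folder actually holds files. The scan root and the sample folder names are assumptions; the page does not say where the malware creates its folder.

```python
import os
import re
import tempfile

# CLSID of the Windows "All Tasks" (GodMode) shell folder. Explorer shows a
# directory named "<anything>.{CLSID}" as that view, not its real contents.
GODMODE_CLSID = "ED7BA470-8E54-465E-825C-99712043E01C"

# Flag any directory name ending in ".{GUID}", not only the GodMode one.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")


def find_clsid_folders(root):
    """Return sorted (path, clsid, is_godmode, entry_count) tuples."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            match = CLSID_SUFFIX.search(name)
            if not match:
                continue
            full = os.path.join(dirpath, name)
            clsid = match.group(1).upper()
            try:
                entries = len(os.listdir(full))
            except OSError:
                entries = -1  # unreadable: still report it
            hits.append((full, clsid, clsid == GODMODE_CLSID, entries))
    return sorted(hits)


def demo():
    """Scan a constructed tree (all names below are made up for the example)."""
    with tempfile.TemporaryDirectory() as root:
        hidden = os.path.join(root, "Roaming", "Updater.{%s}" % GODMODE_CLSID.lower())
        os.makedirs(hidden)
        open(os.path.join(hidden, "data.bin"), "wb").close()
        os.makedirs(os.path.join(root, "Desktop", "GodMode.{%s}" % GODMODE_CLSID))
        os.makedirs(os.path.join(root, "Documents", "Reports.{2024}"))
        return [(os.path.basename(p), g, n) for p, _, g, n in find_clsid_folders(root)]


if __name__ == "__main__":
    for name, is_godmode, entries in demo():
        note = "contains files" if entries > 0 else "empty or unreadable"
        print(f"{name}: godmode={is_godmode}, {note}")
```

A GodMode-named folder that contains files is the case worth triaging first, since Explorer will not show those files to the user.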

Tags:
sebastian
Author: 


Frequently asked questions

Q

What can a phishing email do?

A

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. ... Phishing emails may contain links to websites that distribute malware.

Q

What is a phishing email and how can it be recognised?

A

Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information. Give a fake password. If you are not sure whether a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site.

Q

We want to try out Symantec Endpoint Protection Cloud. How can we do that?

A

Anyone can start a free 60-day trial from the Symantec Endpoint Protection Cloud home page. You can use the Buy Now option on the Subscriptions page to convert your subscription from trial to paid.
