A researcher with CA has found a banking Trojan that uses a more aggressive approach to attempting to steal login credentials. Zarestel Ferrer, a senior research engineer with CA, found a Trojan which, following a drive-by download, will continue to launch pop-ups on a victims computer prompting them to update their bank login credentials until the user enters their login data.
The pop-up message appears to come from Brandesco and is in Portuguese, with some Cyrillic alphabet characters included as well (pointing perhaps to Russian cyber criminals).
The message reads:
NOTICE TO ALL CUSTOMERS OF THE BRADESCO!
Note: This Application Security Bradesco, will make the re-registration you need to be more protected and ready to use the new system which now come into force in February. Watch for updates as these and sign up as quickly as possible.
Bradesco S / A bringing more convenience and security to you!