Fake emails used to spread Trojan
Waski is a trojan downloader spread through fake emails like the one shown below. The malware writers attempt to trick users into thinking that the attachment is a PDF file by giving it a suitable icon. Unwary users may mistake it for a document from their workplace, but on examination it is clear that the file is an executable. When the file is run, Waski loads into memory, contacts its command and control servers and downloads additional malware components. Waski also creates a unique identification number for the infected computer and reports a successful compromise. The real threat here, though, is the downloaded trojan, Battdil.
Banking Trojan steals login data
The downloaded banking trojan, Battdil, consists of two main components: an injector and a payload. The method of infection used is DLL injection into a Windows process. After successfully infiltrating the system, Battdil intercepts bank login credentials from popular browsers like IE and Chrome. It also redirects users to manipulated versions of bank websites, which may look similar to the real ones but are traps designed to make the user give up private data. Such a trojan, in conjunction with phishing websites, can be a powerful tool for gaining unauthorized access to bank information. After stealing the data, the trojan sends it home anonymously using I2P (the Invisible Internet Project).
It is always best to avoid threats like these in the first place. A careful inspection of email attachments can easily prevent such infections, and the golden rule also applies here: do not open attachments from unknown sources.
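The attachment inspection described above can be automated on a saved attachment or at a mail gateway. The following is an added example, not code from the original post: it compares an attachment's file name with its magic bytes, and the extension lists and sample inputs are constructed for illustration.

```python
import struct

# Extensions Windows runs directly when double-clicked (illustrative list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}
# Document extensions often placed before the real one as a decoy (illustrative).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Constructed sample inputs (not real malware): a minimal PE header stub and a PDF header.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
FAKE_PDF = b"%PDF-1.4\n%constructed sample\n"


def sniff_type(data: bytes) -> str:
    """Classify content by magic bytes: 'pe', 'pdf' or 'unknown'."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points to the 'PE\0\0' signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    # PDF readers accept the header anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def inspect_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    parts = filename.strip().lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # strip() catches names padded with spaces before the real extension.
    inner = "." + parts[-2].strip() if len(parts) > 2 else ""
    kind = sniff_type(data)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
    if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append(f"double extension {inner}{ext}")
    if kind == "pe" and ext not in EXECUTABLE_EXTS:
        findings.append(f"PE content behind {ext or 'no'} extension")
    if ext == ".pdf" and kind != "pdf":
        findings.append("named .pdf but content is not a PDF")
    return findings


if __name__ == "__main__":
    for name, blob in [("invoice.pdf.exe", FAKE_PE), ("statement.pdf", FAKE_PE),
                       ("statement.pdf", FAKE_PDF)]:
        print(name, "->", inspect_attachment(name, blob) or "no findings")
```

An icon is stored inside the executable and says nothing about the file type, which is why the check relies on the name and the content only.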
Since Waski is a trojan downloader, a good antivirus and firewall are also enough to keep you safe.
Have a nice (trojan-free) day!