TSPY_BANKER.EUIQ is a banking Trojan that stealthily redirects your browser to phishing copycat sites whenever you try to load a bank-related website. The exact sites that trigger the redirect can vary depending on TSPY_BANKER.EUIQ’s configuration, which may be adjusted over time. TSPY_BANKER.EUIQ also includes a secondary component that removes bank-related browser security. Although TSPY_BANKER.EUIQ may be installed by other PC threats, SpywareRemove.com malware researchers have seen signs that many TSPY_BANKER.EUIQ infections are installed by the victims themselves, apparently because TSPY_BANKER.EUIQ masquerades as a fake setup file for the Chrome browser. Victims are exposed to TSPY_BANKER.EUIQ’s file through links that are masked by reputable URLs (such as Google or Facebook), although TSPY_BANKER.EUIQ’s current attacks appear to be focused primarily on Brazil-based computers.
TSPY_BANKER.EUIQ – Starting at Brazil, with a Potentially Unlimited Destination
Like Mal/Behav-130 or Trojan-Downloader.Win32.Bancos, TSPY_BANKER.EUIQ is configured to target Brazilian banks and their users, but many of TSPY_BANKER.EUIQ’s capabilities are sufficiently flexible that they could also be applied to attacks against the banks of other countries. While some of the worst PC threats that SpywareRemove.com malware researchers have seen have been known to engage in HTML injection and similar types of attacks against bank accounts, TSPY_BANKER.EUIQ confines its attacks to simple browser redirects. These redirects force the victim to load a fake bank website that’s used for phishing attacks.
TSPY_BANKER.EUIQ’s phishing sites currently have minor discrepancies in their titles, such as unnecessary underscores, and will also, like all phishing sites, include differences in their web addresses. SpywareRemove.com malware researchers remind you never to enter personal information, including bank account data, into any site that appears to be legitimate but displays a mismatched URL or other unusual changes. These minor differences can be the only sign of TSPY_BANKER.EUIQ’s phishing attacks, and, therefore, the only things to help you stop TSPY_BANKER.EUIQ from looting your account for everything that it’s worth.
Banking institutions that are targeted by current versions of TSPY_BANKER.EUIQ include any sites with the following URLs or text strings: ‘Caixa Econômica Federal,’ www.sicredi.com.br, ‘Banco Santander Brasil | Pessoa Jurídica | Atendimento empresarial, empresas’ and ‘Banco Itaú – Feito Para Você.’
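The title and address discrepancies described above can be checked mechanically over browser-history or proxy records. The following is an added example, not code from SpywareRemove.com or any vendor: the function names are hypothetical, the sample records are constructed, and every brand-to-domain mapping other than sicredi.com.br is an assumption to verify against your own allowlist.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Title keywords taken from the targets listed above, mapped to the domain each
# bank is ASSUMED to use (only sicredi.com.br appears on this page).
BRANDS = {
    "caixa economica federal": "caixa.gov.br",
    "sicredi": "sicredi.com.br",
    "banco santander": "santander.com.br",
    "banco itau": "itau.com.br",
}

def normalize_title(title):
    """Fold accents, case and separator padding such as stray underscores."""
    folded = unicodedata.normalize("NFKD", title).encode("ascii", "ignore").decode()
    return re.sub(r"[\W_]+", " ", folded).strip().lower()

def host_matches(host, domain):
    """True only for the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_page(url, title):
    """Return findings for one (URL, page title) pair from a browser or proxy log."""
    host = urlsplit(url).hostname or ""
    norm = normalize_title(title)
    findings = []
    for keyword, domain in BRANDS.items():
        if keyword not in norm:
            continue
        if not host_matches(host, domain):
            findings.append(f"'{keyword}' title served from unexpected host {host!r}")
        if "_" in title:
            findings.append(f"underscore padding in '{keyword}' title")
    return findings

# Constructed sample records; the non-bank hosts use reserved example domains.
SAMPLES = [
    ("https://www.itau.com.br/", "Banco Itaú – Feito Para Você"),
    ("http://itau.com.br.example.net/login", "Banco_Itaú_–_Feito_Para_Você"),
    ("https://news.example.org/", "Daily headlines"),
]

if __name__ == "__main__":
    for url, title in SAMPLES:
        print(url, check_page(url, title) or "ok")
```

The suffix comparison in host_matches is what rejects look-alike hosts that merely begin with a bank's domain, which a plain substring test would accept.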
The ‘Before’ and ‘After’ of Avoiding a TSPY_BANKER.EUIQ Attack
TSPY_BANKER.EUIQ can easily be avoided by not risking contact with suspicious browser installation files, particularly files named ‘ChromeSetup.exe’. Since symptoms of TSPY_BANKER.EUIQ’s attacks are limited, you should be prepared to analyze your PC with suitable anti-malware programs if you’re aware of even a slight possibility of TSPY_BANKER.EUIQ’s presence on your computer. TSPY_BANKER.EUIQ will, in most cases, be accompanied by a second PC threat, TROJ_KILSRV.EUIQ, that deletes the GBPlugin (a popular security-related add-on for Brazilian bank sites).
As of the time of this writing, recent reports of successful TSPY_BANKER.EUIQ infections have increased significantly, from mere hundreds to thousands. Although TSPY_BANKER.EUIQ’s server is currently inaccessible, this doesn’t necessarily indicate that TSPY_BANKER.EUIQ is in any way neutered, and SpywareRemove.com malware researchers advise you to treat any possible TSPY_BANKER.EUIQ infection with the highest level of caution.
Posted: May 18, 2012 | By SpywareRemove
Threat Level: 8/10
Detection Count: 169