Win32/Bradop is a family of banking Trojans that includes separate spyware and Trojan downloader components. Like Mal/Behav-130, Win32/Bancos or TSPY_BANKER.EUIQ, Win32/Bradop appears to predominantly target Brazil-based bank accounts and is distributed through spam e-mail. Unlike some similar PC threats, Win32/Bradop-based Trojans only require you to click on an embedded image, rather than download a file attachment, to be infected. In addition to harvesting Brazilian bank credentials, Win32/Bradop Trojans can also steal more broadly applicable data, such as Twitter and e-mail account information. Like all banking Trojans, Win32/Bradop and its relatives are extreme violations of your computer’s privacy and safety, and SpywareRemove.com malware researchers encourage you to use suitable anti-malware software to detect and remove all components of a Win32/Bradop infection.
Win32/Bradop: Pretending to Restore Money for Its Heist
Win32/Bradop e-mail messages are written in Portuguese and pretend to be clearing up a financial debt as part of a series of communications that was supposedly initiated by phone. Although Win32/Bradop e-mails even reference consumer protection, they have no interest in your protection: clicking the receipt image that’s provided will immediately result in contact with a Win32/Bradop installer (identified as TrojanDownloader:Win32/Bradop.A).
Besides installing its banking Trojan, the downloader component of Win32/Bradop may also disable User Account Control (UAC) and open an irrelevant web page for Brazilian news to distract you from Win32/Bradop’s installation process. Sadly, the second half of a Win32/Bradop attack is even worse for your computer’s security than these attacks, as explored further in this article.
When a Win32/Bradop Downloader Turns into a Spy
After its installation, Win32/Bradop’s malicious Browser Helper Object will attach itself to Internet Explorer with the detection label of TrojanSpy:Win32/Bradop.B. This second half of Win32/Bradop will use screenshots and other methods of stealing personal information, and SpywareRemove.com malware researchers note that the following sources are especially at risk:
- Brazilian banks (Caixa Economica Federal, Banco do Brasil, Sicredi, etc.).
- Credit card payment portals.
- Domain hosting sites (such as Kinghost.net, Pachost.com.br and Hostnet).
- E-mail and social networking accounts, including Gmail, Twitter, Hotmail and Globomail.
Since Win32/Bradop has had a, frankly, astounding rate of success in its social networking attacks, SpywareRemove.com malware experts especially caution you to avoid clicking on suspicious e-mail links from messages that fit Win32/Bradop’s e-mail template. Actual removal of Win32/Bradop should always be done with anti-malware programs that can detect all components of a Win32/Bradop infection. Because many Win32/Bradop-affiliated PC threats were only identified as of April 2012, be especially sure to update your anti-malware software if its databases are older than this date.
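The two host changes described above (UAC switched off by the downloader, a Browser Helper Object attached to Internet Explorer) can be reviewed with a read-only PowerShell check. This is an added example, not part of the original article or any vendor tool; it uses the standard Windows registry locations for UAC policy and BHO registration and lists every BHO for manual review rather than identifying Bradop by name.

```powershell
# Added example: read-only audit of the two host changes described in the article.
# It lists candidates for manual review; it cannot name Bradop's BHO, because the
# article gives no file name or CLSID for it.

# 1. UAC state: EnableLUA = 0 means User Account Control is switched off.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $policy -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($null -eq $lua) { 'UAC: EnableLUA value is missing' }
elseif ($lua -eq 0) { 'UAC: DISABLED (EnableLUA = 0)' }
else                { "UAC: enabled (EnableLUA = $lua)" }

# 2. Browser Helper Objects registered for Internet Explorer, 64-bit and 32-bit views.
$bhoSuffix = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Bho = "HKLM:\SOFTWARE\$bhoSuffix";             Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = "HKLM:\SOFTWARE\WOW6432Node\$bhoSuffix"; Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName
        $server = Join-Path $view.Clsid "$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            # The default value of InprocServer32 is the DLL that IE loads for this BHO.
            $dll = (Get-Item -LiteralPath $server).GetValue('')
        }
        $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll)
        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $dll
            Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            Modified  = if ($onDisk) { (Get-Item -LiteralPath $dll).LastWriteTime } else { $null }
        }
    }
}

# Newest files first: a recently written, unsigned DLL is the entry to examine first.
$report | Sort-Object Modified -Descending | Format-Table -AutoSize
```

A BHO whose DLL is unsigned, sits in a user-writable directory, or was written around the time a suspicious e-mail was opened is worth submitting to an anti-malware scanner.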
Posted: June 19, 2012 | By SpywareRemove