
XPCTRA Malware

Posted: December 11, 2020

The XPCTRA Malware is a threatening piece of software used to collect payment information and other data from the systems it breaches. The malware appears to be most active in South America, but copies of it are likely to be delivered to systems outside of the region as well. The XPCTRA Malware campaign was first identified in 2017, but the threat is still active in 2020.

Usually, the XPCTRA Malware targets are approached via a spear-phishing email, which claims to contain information about an important bill, payment, or other financial data. The victim is asked to download and review a PDF attachment, which is a decoy document used to hide a corrupted macro script dedicated to unpacking and executing a threatening payload. If the victim is not using a reputable anti-virus tool to keep their system safe, the XPCTRA Malware may be able to freely plant its files and make several changes to grant itself persistence.

The method that the XPCTRA Malware uses to interact with the victim's Web browsing sessions is notable. It installs an HTTP proxy service, which is then configured to redirect the user to third-party pages whenever they try to access the Web pages of two Brazilian banks or other financial institutions. When the user is redirected to the fraudulent pages, they may be prompted to enter their login credentials and other information in fake fields. The data they submit is transferred to the server of the attackers.
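As an added defensive check that is not part of the original article: a Python audit of the per-user WinINET proxy values (ProxyEnable, ProxyServer and AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings), which is where a system-wide HTTP proxy hijack of this kind would be expected to show up on a Windows host. The registry path and value names are real; the approved-proxy list and the sample values are constructed for the example, and reading the live values (for instance with winreg) is left to the caller.

```python
import ipaddress

# Real WinINET registry location (under HKCU) for per-user proxy settings.
INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: 'host:port'}. WinINET accepts
    'host:port' for all protocols or 'http=h:p;https=h:p;ftp=h:p;socks=h:p'."""
    if not value:
        return {}
    if "=" not in value:
        return {"all": value.strip()}
    pairs = (p.partition("=") for p in value.split(";") if "=" in p)
    return {scheme.strip().lower(): hp.strip() for scheme, _, hp in pairs}

def is_loopback(hostport):
    """True if the proxy host is in 127.0.0.0/8, is ::1, or is 'localhost'."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal

def audit_proxy_settings(settings, approved=frozenset()):
    """Return findings for one user's Internet Settings values (name -> data).
    `approved` is the organisation's known-good 'host:port' proxies (constructed)."""
    findings = []
    if settings.get("ProxyEnable", 0) == 1:
        for scheme, hp in parse_proxy_server(settings.get("ProxyServer", "")).items():
            if is_loopback(hp):
                findings.append(f"{scheme}: proxy {hp} is on this host (local interception proxy)")
            elif hp not in approved:
                findings.append(f"{scheme}: proxy {hp} is not an approved proxy")
    if settings.get("AutoConfigURL"):
        findings.append(f"AutoConfigURL={settings['AutoConfigURL']}: a PAC script can "
                        "steer selected hosts (e.g. bank sites) to another proxy")
    return findings

# Constructed sample of a hijacked profile: HTTP and HTTPS forced through a local proxy.
SAMPLE_HIJACKED = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:8080;https=127.0.0.1:8080"}

if __name__ == "__main__":
    for finding in audit_proxy_settings(SAMPLE_HIJACKED):
        print("FINDING:", finding)
```

On a real host, feed the three values read from the key named in INTERNET_SETTINGS for each user profile, and treat a loopback proxy or an unexpected PAC URL as a lead for forensic review of the browser session rather than as proof of compromise.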

In addition to hijacking financial information, the XPCTRA Malware also may be able to monitor activity related to Terra, Instagram, Hotmail, and Microsoft Live – this allows the criminals to gain illicit access to other accounts too. As we mentioned earlier, the XPCTRA Malware goes after other financial institutions too – it monitors Web browsers for sessions linked to Neteller, Perfectmoney, or Blockchain.info and tries to hijack information from these websites.

The XPCTRA Malware is not very rich in terms of features, but its attack may cause a lot of trouble if it is not caught and prevented in time. To ensure long-term protection against such threats, users need to invest in reputable anti-virus software.
