Javali

Javali is a dangerous banking Trojan that originates from Brazil. It is important to note that it is not compatible with Android devices and, instead, it runs exclusively on Windows systems. The first active copies of the Javali Trojan date back to 2017, and it seems that the malware's creators are relying on phishing emails to deliver the malicious payload to their targets. Often, the phishing emails contain a file attachment, but in some cases victims were asked to download a file from an external location. As you can probably guess, the files found in these emails are not legitimate, and they carry Javali's malicious code.

The Javali was very active in Brazil and Mexico, but it seems that it has recently started to target users in other parts of the world as well. One of the surprising traits of this banking Trojan is the significant size of the file used to spread it – victims were often told to download a RAR or ZIP archive that was over 600MB in size. It contains a lot of junk files and useless data that is used to conceal the small bit of code responsible for Javali's execution. Malware researchers were able to extract the portion of the code used by Javali, and determined that it was just 27.5MB in size – the rest of the files were useless.

Javali Trojan Focuses on Brazil, but Active Infections Were Detected in Mexico

Older variants of the Javali Trojan focused on financial institutions popular in Brazil and Mexico, but recent updates have introduced support for more popular banks and online payment systems. The Javali Trojan is able to intercept active Web browser sessions, and refer users to a phishing overlay whenever they try to access one of the banking sites that the Javali Trojan targets.

Protecting your computer from silent threats like the Javali can be achieved by investing in an up-to-date anti-malware software suite.