Lampion

Portuguese users need to be wary of a new cyber-threat that is being spread via phishing emails. The threat, dubbed Lampion, works as a Banking Trojan that is able to send users to phishing pages when they attempt to visit a legitimate online banking service. The threat achieves this by spying on the victim's Web browsing sessions and manipulating their connection when they attempt to connect to selected URLs. So far, the Lampion Trojan has been used against Portuguese users exclusively, but it would not come as a shock if the masterminds behind this campaign opt to expand it in the future.

The phishing emails used to deliver the Lampion Trojan may often claim to come from the Portuguese government, and the attackers use different topics such as tax returns, debt, etc. These messages come with a 'ZIP' attachment that contains three files – one of those files is a corrupted Visual Basic Script (VBS) file whose execution will trigger the Lampion Trojan.

The Lampion Banking Trojan core features are not spectacular, but it offers enough functionality to enable its operators to execute harmful and seamless phishing attacks. What Lampion stands out with is the fact that it possesses advanced anti-sandbox and anti-debugging modules that are meant to help it stay under the radar of anti-virus products and researchers. Thankfully, these measures have been bypassed by cybersecurity products successfully, and you can rest assured that anti-virus products will keep you protected.

Threats like the Lampion Trojan are very threatening because they are able to work silently – they are dormant mostly, and only activate their corrupted modules when the user attempts to complete online banking information. If you use your computer for banking operations, then you should take the required steps to protect your system and network connection via the services offered by modern anti-virus products certainly.