
LoadPCBanker

Posted: April 24, 2019

LoadPCBanker is a banking Trojan that collects your information, particularly credentials associated with bank accounts. While this threat's payload is generically applicable to most Windows users, its campaign uses Brazil-specific tactics for compromising victims. Checking your downloads carefully before interacting with them can protect against infections, and the usual anti-malware services should delete LoadPCBanker as a threat.

The Sports-Themed Lodging that's Inhabited by Trojans

Brazil, already endangered by clusters of older banking Trojans like the Metamorfo Banking Trojan and the fake security module of CamuBot, is facing a new entrant that's currently named LoadPCBanker. Although its payload has no functions that malware researchers would consider unusual for this class of Trojan, its infection method is uniquely well-crafted for the region it's attacking. Like most Brazilian Trojan campaigns, LoadPCBanker attacks use Portuguese-language phishing lures with a highly specific regional topic.

LoadPCBanker's installer is an executable that pretends to be a PDF document inside of a RAR archive; packing the file in an archive is a traditional ploy for tricking threat-detecting services. Its name includes a reference to a football (or 'soccer,' as per United States terminology) player, Manoel Carvalho, for the Brazilian Corinthians, and implies that the athlete provides guest house lodging as a side venture. Running the EXE installs LoadPCBanker, which maintains this fake naming strategy by pretending that it's a version of the Outlook e-mail client.

While long-term readers with even superficial knowledge of banking Trojans' campaigns could accurately guess LoadPCBanker's list of features, malware experts are providing a rundown for completeness' sake. Verifiable features of LoadPCBanker include:

  • Keylogging – the recording of keyboard typing.
  • Taking screenshots.
  • Intercepting copy-pasted data from the clipboard.

Kicking LoadPCBanker Out of the Team

Although LoadPCBanker covers the evidence of its existence reasonably well, such as by clearing its download URLs from the local WinINet cache, its social engineering tactic is a simplistic one. Users who scan the archive or 'document' beforehand with proper security solutions should identify the threat to their computers. Even paying attention to the file's name and format can provide significant clues that the download isn't safe.
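A minimal triage check for the name-versus-format mismatch described above, as an added example that is not part of the original article or of any security product. It assumes the archive has already been unpacked in an isolated environment and receives each member's name and bytes; the extension lists, function names and sample inputs are constructed for illustration, and the check generalizes from PDF to other document extensions.

```python
import struct
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to your environment.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def findings(name: str, data: bytes) -> list[str]:
    """List the reasons an unpacked archive member looks like a disguised executable."""
    path = PurePosixPath(name.replace("\\", "/"))
    # Strip padding so 'x.pdf   .exe' is still seen as '.pdf' + '.exe'.
    suffixes = [s.strip().lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    pe = is_pe(data)
    out = []
    if last in EXEC_EXTS and any(s in DOC_EXTS for s in suffixes[:-1]):
        out.append("double extension: document name, executable type")
    if pe and last in DOC_EXTS:
        out.append("document extension but PE (Windows executable) content")
    if pe and last not in DOC_EXTS | EXEC_EXTS:
        out.append("PE content under a non-executable extension")
    if last == ".pdf" and not pe and not data.startswith(b"%PDF-"):
        out.append("named .pdf but content lacks the %PDF- header")
    return out

def constructed_pe() -> bytes:
    """Constructed sample: the smallest byte string that passes is_pe()."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)

if __name__ == "__main__":
    samples = {  # constructed names and contents, not real campaign files
        "example-lodging.pdf.exe": constructed_pe(),
        "example-lodging.pdf": constructed_pe(),
        "brochure.pdf": b"%PDF-1.7\n",
    }
    for name, data in samples.items():
        print(name, "->", findings(name, data) or "no mismatch")
```

A clean result from this check only means the name and header agree; it does not replace scanning the file with an anti-malware product.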

LoadPCBanker's threat actor has a clear interest in Brazilian banking activities, to the point of ignoring any infections that don't fit this profile. Users should block any monitoring or data-exfiltrating attempts by disconnecting from the internet and disinfecting their system immediately. Most Windows-compatible anti-malware programs should handle removing LoadPCBanker adequately.

LoadPCBanker is a bank account hijacker that could harm most Windows users but is instead being weaponized against only a minority of them. This choice is good news for non-Brazilians, but less so for Brazil's residents, who are under fire from a particularly concentrated tactic and the accompanying Trojan's attack.
