
SolarSys

Posted: October 23, 2020

Brazil is a country that banking Trojans target frequently, and 2020 has been no exception. Malware researchers recently uncovered a previously unknown campaign aimed at the customers of several Brazilian banks and financial organizations. The criminals behind it reportedly use a collection of tools and scripts, each serving a different stage of the attack. That collection is being referred to as the SolarSys malware toolkit, and it is one of the more elaborate cybercrime operations seen in Brazil.

The SolarSys Banking Trojan Goes after Brazilian Users

The criminals behind the SolarSys operation likely use a range of lures to reach potential victims. The initial infection vector appears to be fake MSI installers that pose as helpful developer tools for HTML, JavaScript and similar technologies. The malicious MSI installers deploy a JavaScript backdoor and establish persistence for it. The backdoor then tries to download and run additional modules, repeating the attempt every 11 hours.

The second component associated with the SolarSys toolkit is a custom-built mail worm that phishes for more victims. It works by deploying a legitimate copy of the Node.js runtime and then running pre-made Node.js scripts that simulate clicks and send emails to the victim's contacts. As you can probably guess, the emails carry a phishing message and a file attachment containing SolarSys's components.

This Trojan also Targets Web Browsers

The next step is to download an infostealer that targets the Google Chrome Web browser exclusively. It tries to hijack login credentials, cookies and other information the criminals could make use of. The malware then proceeds to the last step: downloading a banking Trojan. That Trojan phishes for login credentials and targets banks such as Banco do Brasil, Bradesco, Santander, Sicoob, CrediSIS, Banco Mercantil and others.
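The chain described above (MSI installer, JavaScript backdoor checking in every 11 hours, Node.js mailer) leaves observables a defender can hunt for. The script below is an added example, not code from the original write-up or from the SolarSys operators; it assumes a Sysmon-style process-creation feed (fields `pid`, `ppid`, `image`, `cmdline`) and a simple proxy log (`timestamp source method destination`). The process lineage it looks for (msiexec.exe spawning a Windows script host, and that script host spawning node.exe out of a user-writable directory) is an assumption about how the described stages would appear in telemetry, not something the write-up states, and all input data is constructed.

```python
"""Hunt for a SolarSys-style infection chain in constructed telemetry.

Added example. Field names, process lineage and all events below are
assumptions/constructed data, not facts taken from the original write-up.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Sysmon-like process-creation events (assumed schema).
PROC_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i js-helper.msi /qn"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\u\AppData\Roaming\upd\loader.js"},
    {"pid": 300, "ppid": 200, "image": r"C:\Users\u\AppData\Roaming\node\node.exe",
     "cmdline": r"node.exe C:\Users\u\AppData\Roaming\node\mailer.js"},
    # Benign-looking noise: script host and node.exe with no suspicious parent.
    {"pid": 400, "ppid": 1,   "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Program Files\Vendor\update.js"},
    {"pid": 500, "ppid": 1,   "image": r"C:\Program Files\nodejs\node.exe",
     "cmdline": r"node.exe server.js"},
]

# Constructed proxy log: one host checking in roughly every 11 hours, one
# host with irregular traffic. 198.51.100.7 / 203.0.113.4 are documentation
# addresses, not real infrastructure.
PROXY_LINES = """
2020-10-20T01:00:00Z 10.0.0.5 GET 198.51.100.7
2020-10-20T12:03:00Z 10.0.0.5 GET 198.51.100.7
2020-10-20T22:58:00Z 10.0.0.5 GET 198.51.100.7
2020-10-21T10:01:00Z 10.0.0.5 GET 198.51.100.7
2020-10-20T01:00:00Z 10.0.0.9 GET 203.0.113.4
2020-10-20T01:07:00Z 10.0.0.9 GET 203.0.113.4
2020-10-20T09:30:00Z 10.0.0.9 GET 203.0.113.4
""".strip().splitlines()

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_chain(events):
    """Return (rule, pid) pairs for processes matching the assumed lineage."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue  # parent not in the feed: nothing to correlate against
        parent_name, child_name = basename(parent["image"]), basename(e["image"])
        # Stage 1: an MSI package dropping a script-host child (JS backdoor).
        if parent_name == "msiexec.exe" and child_name in SCRIPT_HOSTS:
            hits.append(("msi_dropped_script_host", e["pid"]))
        # Stage 2: the script host starting node.exe from a user-writable path
        # (a legitimate runtime copied next to the malicious scripts).
        in_user_dir = any(tok in e["image"].lower() for tok in USER_WRITABLE)
        if child_name == "node.exe" and in_user_dir and parent_name in SCRIPT_HOSTS:
            hits.append(("script_host_spawned_user_dir_node", e["pid"]))
    return hits


LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")  # ts src method dst


def parse_proxy(lines):
    """Yield (timestamp, source, destination) from the assumed log format."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(4)


def periodic_beacons(lines, period=timedelta(hours=11),
                     tolerance=timedelta(minutes=30), min_hits=3):
    """Return (src, dst, median_gap) for pairs whose median inter-request
    gap is within `tolerance` of `period`. The 11-hour default is the
    module-download interval reported for the SolarSys backdoor."""
    series = defaultdict(list)
    for ts, src, dst in parse_proxy(lines):
        series[(src, dst)].append(ts)
    found = []
    for (src, dst), stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        median_gap = statistics.median(gaps)  # robust to one missed check-in
        if abs(median_gap - period) <= tolerance:
            found.append((src, dst, median_gap))
    return found


if __name__ == "__main__":
    for rule, pid in find_chain(PROC_EVENTS):
        print(f"process hit: {rule} pid={pid}")
    for src, dst, gap in periodic_beacons(PROXY_LINES):
        print(f"beacon hit: {src} -> {dst} every ~{gap}")
```

The two checks are deliberately independent: the lineage rule fires at install time, while the periodicity rule only becomes useful once the backdoor has checked in a few times. A fixed 11-hour interval is a convenient observable, but operators can add jitter or change the schedule, so treat the period as a starting point for tuning rather than a signature.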

Clients of Brazilian banks are under a constant barrage of malware trying to hijack their profiles and empty their accounts. Taking a few precautions goes a long way against attacks like the one described above: enable the two-factor authentication (2FA) your bank offers, install developer tools only from their official sources, be wary of unexpected attachments even when they come from a known contact (this worm sends its phishing emails from the address books of infected victims), and keep your computer and smartphone protected with an up-to-date anti-virus tool.
