Trojan.Win32.Jumcar

Trojan.Win32.Jumcar is a browser hijacker that distributes itself through a botnet-enabled spam e-mail system and redirects the victim's browser to malicious sites in an effort to steal bank-related information. Trojan.Win32.Jumcar's campaign has been ongoing since March of this year and is of most danger to residents of Peru, although SpywareRemove.com malware analysts warn that other South American countries also are at risk. Anti-malware products should be used to detect and delete Trojan.Win32.Jumcar, which will attempt to target your login data for various South American bank accounts. Website admins also should be watchful for any malicious content related to Trojan.Win32.Jumcar, which can include multiple components, such as a backdoor utility and a mass-mailer.

Trojan.Win32.Jumcar: Peru's Answer to the Brazil's Banking Trojan Industry

SpywareRemove.com malware researchers have long been familiar with South America's proclivity towards bank website-related PC threats, much like the contrasting Police Ransomware epidemic spreading through distant Europe. However, Trojan.Win32.Jumcar can be considered a new page in the chapter of online bank heists, with attacks that are based on hacking innocent sites, sending e-mail spam and redirecting your browser to malicious websites.

Domains that host Trojan.Win32.Jumcar Trojans are compromised sites that were hacked and forced to host the installation files, which are then promoted through e-mail links. The links and corresponding e-mails are disguised with visual templates that heavily reference known social networking brands – and SpywareRemove.com malware researchers especially noted the frequent usage of the Facebook brand name. Once a victim follows the link and launches the corresponding file, Trojan.Win32.Jumcar will be activated. Whether or not Trojan.Win32.Jumcar actually installs itself as a separate program will depend on which version of Trojan.Win32.Jumcar you have – earlier versions of Trojan.Win32.Jumcar installed normally and launched with Windows (via Registry exploits). However, new variants of Trojan.Win32.Jumcar limit themselves to making malicious DNS changes without any attempt to remain active after the fact.

Trojan.Win32.Jumcar's DNS changes redirect your browser automatically from major Peruvian bank sites to fake phishing sites that are designed to look identical to the real bank websites. However, giving any information to these sites is essentially the same as handing it directly to criminals, who will be happy to break into your account and initiate fraudulent transactions.

Keeping Your Money Out of Trojan.Win32.Jumcar's Reach

The bulk of the Trojan.Win32.Jumcar campaign has concentrated on Peru, but countries such as Chile, Argentina, Colombia and even as far north as Mexico have also been suffered from meaningful numbers of Trojan.Win32.Jumcar attacks. From the point of view of blocking its dissemination, Trojan.Win32.Jumcar is the responsibility of all website administrators, who should keep their software up-to-date and delete any code responsible for employing Trojan.Win32.Jumcar as quickly as possible.

For the casual PC user, SpywareRemove.com malware experts recommend being careful about clicking on social networking e-mail links, especially Facebook-themed ones that are most likely to be used by Trojan.Win32.Jumcar. If you do follow such a link, notice any unusual bank account activity or have other causes to think that you might have Trojan.Win32.Jumcar problems, you should use anti-malware software to remove Trojan.Win32.Jumcar and any settings changes that Trojan.Win32.Jumcar causes.