TROJ_CHEPRO.CPL
Posted: December 19, 2013
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 39 |
| First Seen: | December 23, 2013 |
| Last Seen: | August 17, 2020 |
| OS(es) Affected: | Windows |
TROJ_CHEPRO.CPL is a Trojan downloader that is currently distributing members of the Bancos family – a group of South American banking Trojans that steal passwords and other credentials from the accounts of major banks. While other methods may also be employed to distribute TROJ_CHEPRO.CPL, the latest attacks confirmed by malware experts and others in the industry point to non-targeted spam e-mail, with disguised attachments that include instructions for launching TROJ_CHEPRO.CPL, which then installs the Bancos Trojan. Besides educating users to avoid the risky actions required to initiate TROJ_CHEPRO.CPL's attack, updated anti-malware products should be capable of finding and removing TROJ_CHEPRO.CPL or its payload.
The Control Panel File that Controls Your Bank Account
Since September of 2013, a new spam e-mail campaign has been seen attacking random PC users. At first, these attacks used a standard, previously-seen pattern, wherein misleading messages asked readers to open accompanying RTF files, which were named to look like online banking documents. TROJ_ARTIEF.RTN, TROJ_ARTIEF.SDY and BKDR_POISON.DOC are examples of unrelated PC threats that use similar distribution models. Victims who were unwise enough to open these attachments were presented with an embedded image in the document, with instructions to double-click to expand the image. Of course, double-clicking launches TROJ_CHEPRO.CPL.
This is where the attack starts to become unique, since TROJ_CHEPRO.CPL is actually a threatening Control Panel file, rather than any of the various common file formats for threats. Its file type aside, TROJ_CHEPRO.CPL is a specialized Trojan with one purpose: installing a Bancos Trojan. These Trojans function on Windows PCs around the world, but are particularly noted for specializing in attacks against South American bank users. The Bancos Trojan may be detected as TSPY_BANCOS.CVH, and malware experts can verify that its targeted websites may include:
- Social networking domains a la Facebook.
- Some search engines, such as Google.
- YouTube and similar streaming media websites.
- Some e-mail sites (Hotmail, etc).
User information transferred through these sites or several similar sites may be harvested by TROJ_CHEPRO.CPL's Bancos Trojan and sent to criminals.
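For mail-gateway or help-desk triage of the RTF attachments described above, the following added example (not part of the original write-up) decodes each embedded object in an RTF file and flags embedded file names with executable extensions such as `.cpl`. It assumes the payload is carried as an embedded OLE object in an `\objdata` group; `triage_rtf`, the extension list and the sample document are constructed for illustration.

```python
import re

# File types Windows runs on double-click; .cpl (Control Panel item) is the one
# this page describes. The list is an assumption for the example, not exhaustive.
RISKY_EXT = (b".cpl", b".exe", b".scr", b".pif", b".com", b".bat", b".vbs", b".js")
OBJDATA = re.compile(rb"\\objdata\b([^{}]*)", re.I)    # hex payload of one object
C_STRING = re.compile(rb"[\x20-\x7e]{5,260}(?=\x00)")  # NUL-terminated ASCII run

# Constructed sample: a simplified stand-in for an embedded package, not a real one.
PAYLOAD = b"\x02\x00statement.cpl\x00C:\\Temp\\statement.cpl\x00\x00\x00"
SAMPLE_RTF = (b"{\\rtf1\\ansi Double-click the image to enlarge."
              b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata "
              + PAYLOAD.hex().encode() + b"}}}")


def embedded_objects(rtf: bytes):
    """Yield (decoded_bytes, clean) for each \\objdata group in the document."""
    for match in OBJDATA.finditer(rtf):
        text = re.sub(rb"\s+", b"", match.group(1))      # RTF allows line breaks in hex
        hex_run = re.match(rb"[0-9A-Fa-f]*", text).group(0)
        clean = len(hex_run) == len(text) and len(hex_run) % 2 == 0
        hex_run = hex_run[: len(hex_run) // 2 * 2]       # drop a dangling nibble
        yield bytes.fromhex(hex_run.decode("ascii")), clean


def triage_rtf(rtf: bytes) -> list[str]:
    """Return findings for an RTF attachment; an empty list means nothing flagged."""
    if not rtf.lstrip().startswith(b"{\\rt"):
        return ["not an RTF document"]
    findings = []
    for index, (blob, clean) in enumerate(embedded_objects(rtf)):
        if not clean:  # malformed hex is worth a manual look
            findings.append(f"object {index}: non-hex data inside \\objdata")
        for name in C_STRING.findall(blob):
            if name.lower().endswith(RISKY_EXT):
                findings.append(f"object {index}: embeds {name.decode('ascii')}")
        if b"MZ" in blob and b"PE\x00\x00" in blob:
            findings.append(f"object {index}: contains a PE image")
    return findings
```

An empty result only means this heuristic found nothing; the attachment should still pass through the regular anti-malware scan.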
Taking Control of Your Bank Account from a Fake Piece of Control Panel
Technically speaking, TROJ_CHEPRO.CPL is most interesting for its choice of file format, which doesn't affect its payload, but does provide slightly new avenues for criminals to attack vulnerable PCs. Malware experts especially would encourage updating anti-malware products prior to using them to delete TROJ_CHEPRO.CPL or TSPY_BANCOS.CVH, as a counter to the potential difficulty of detecting new PC threats that are using relatively unused Trojan formats.
TROJ_CHEPRO.CPL's tally of successful attacks appears to be low, but TROJ_CHEPRO.CPL also is a recently-identified Trojan. Ongoing attacks from the same criminals or affiliated ones may allow TROJ_CHEPRO.CPL's distribution to increase in the future. If you need to open e-mail files that bear any resemblance to a known TROJ_CHEPRO.CPL disguise, always scan them with reliable anti-malware tools before taking your bank account's safety for granted.