Avast protected more than nearly 27,000 users since the beginning of this year from more than 155,000 infection attempts made by Guildma malware
Avast has protected nearly 27,000 users since the beginning of this year from Guildma, malware that is attacking 130 banks and 75 other web services, such as Netflix, Facebook, Amazon, and Google Mail, around the world.
The Avast Threat Labs has been tracking Guildma for several months and has now published a detailed analysis of the malware.
Guildma includes a remote access tool (RAT), spyware, as well as password stealing, and banking Trojan capabilities. Previously, Guildma targeted users and services in Brazil, only infecting computers running in Portuguese, but it has spread to other languages. It is still avoiding computers running in English.
Guildma spreads via targeted phishing emails posing as invoices, tax reports, invitations and similar types of messages. The emails are personalized in the sense that they address their victims by name.
Guildma crawls through infected computers to find banking-application related files, windows that may belong to these applications and even browser windows with opened e-banking sites. If it does not detect any windows or programs belonging to one of the banks from its list2, Guildma searches for certain desktop email clients, and services like Netflix, Amazon, and Facebook opened in browser windows. When Guildma detects a service from its list, it is capable of taking a number of actions, including stealing login credentials and contacts, taking screenshots, intercepting mouse and keyboard clicks, remote controlling the computer, such as pressing keys, mouse-clicking, and manipulating files. Furthermore, Gui ..
Support the originator by clicking the read the rest link below.
