PandaLabs, Panda Security’s malware detection and analysis laboratory, has detected a new malicious code, Banker.LSL, which uses the proximity of the Easter holidays to trick users with a YouTube religious video in Portuguese
Once run, the worm displays the video while it delivers its malicious payload. More specifically, the Trojan is designed to steal passwords for online banking services. Banker.LSL captures:
- Key strokes
- Mouse movements
- Mouse clicks
- Online forms filled in by the user.
The Trojan downloads a series of TXT files where it saves the information it has obtained, and tries to send them to a Web page.
“Users must be very careful, as this type of Trojan is usually distributed in email messages or Internet forums with links that seem to take to a YouTube video. However, they actually download the Trojan to the PC. In this case the Trojan does play the video to avoid raising any suspicion while infecting users”
, explains Luis Corrons, Technical Director of PandaLabs.