Wells Fargo Clients Targeted by Fareit Malware; Sensitive Info Exposed
By: Bianca Stanescu | June 20, 2013 | Posted in: Alerts, E-Threats
Wells Fargo clients are again targeted by data-stealing malware through a well-crafted spam campaign. The Trojan known as Fareit comes packed with a password-stealing component that allows malware writers to gather sensitive details from users’ devices, including Facebook and email credentials.
According to Bitdefender data, the systems most infected with this family of Trojans are located in the US, home to Wells Fargo. In the last week, the same type of Trojan has been making the rounds in France, Croatia, Italy, Australia, Belgium, Spain, Romania, Egypt, and the United Arab Emirates.
Fareit is a multi-component malware family. Its password-stealing component grabs sensitive information from the victim’s computer and sends it to a remote machine. The family also contains a DDoS component that can be controlled to flood other servers in collective attacks. Once installed, the malware also downloads and executes Zbot, or Zeus, one of the most notorious and widespread Trojans so far.
With a generic subject such as “Important Documents,” the malicious emails pose as coming from Wells Fargo employees. To make the spam look legitimate, scammers included links to the authentic financial institution. The attachment also carries the bank’s name; when users open it, they end up installing a hidden EXE file passed off under a PDF extension.
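
A mail gateway or triage script can catch the disguised attachment described above by comparing each attachment's claimed type with its leading bytes. This is an added example, not part of the original article; the message, sender, file names, and the double-extension variant it also checks are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # common Windows executable suffixes

def classify(filename, data):
    """Return a reason string if the attachment only pretends to be a PDF, else None."""
    name = filename.lower()
    is_pe = data[:2] == b"MZ"                  # DOS/PE executable header
    if name.endswith(".pdf") and is_pe:
        return "PE executable content behind a .pdf name"
    if name.endswith(EXEC_EXTS) and ".pdf" in name:
        return "double extension: PDF-looking name with executable suffix"
    # Readers accept the %PDF- marker anywhere in the first 1024 bytes.
    if name.endswith(".pdf") and b"%PDF-" not in data[:1024]:
        return "named .pdf but content has no PDF header"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message and return (filename, reason) per suspicious attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reason = classify(name, data)
        if reason:
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed message imitating the lure's shape; no real payload, only header bytes."""
    msg = EmailMessage()
    msg["From"] = "employee@bank.example"       # placeholder sender
    msg["Subject"] = "Important Documents"
    msg.set_content("Please review the attached documents.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60      # just a header stub, not a working binary
    for fname, body in [
        ("WellsFargo_Important_Docs.pdf", fake_pe),
        ("statement.pdf", b"%PDF-1.4\n%%EOF\n"),
        ("WellsFargo_Documents.pdf.exe", fake_pe),
    ]:
        msg.add_attachment(body, maintype="application", subtype="pdf", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"{name}: {reason}")
```

The declared MIME type is `application/pdf` for all three attachments, which is why the check relies on content bytes and the file name rather than on the header the sender controls.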