ESET Latin America, an IT security company, has identified a banking trojan that has spread in Brazil, collecting confidential information through a government server.
The malware used “social engineering techniques” to enter systems through an “executable” file written in .NET. It also used Google Chrome browser plugins to steal “personal ID number, passwords and PIN or 4-digit validation number of cash cards and account numbers.”
ESET said the trojan “used a server without having to infect it, since the server lacked the adequate controls to prevent being misused by a third party.”
According to the antivirus and security software company with global headquarters in Slovakia, “this threat is not active anymore.”