Unfortunately, as we’ve seen countless times before, tragic events involving famous people will almost certainly end up being used by cybercriminals as part of their social engineering scams.
A few days ago, the Brazilian singer and songwriter Cristiano Araújo lost his life in a tragic car accident. Araújo’s music brought happiness not only to his fans in Brazil but also to many others in countries throughout South America and to his fans around the world.
Sadly, following Cristiano Araújo’s death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware (detected as Downloader.Bancos).
Figure 1. Spam email example
Once the initial malware, a downloader, infects the computer, it will download Infostealer.Bancos, a well-known banking malware that has been plaguing South America for a while now. Our telemetry on the malware distributed by this spam campaign shows it targeting users in Brazil and Venezuela.
Figure 2. Infostealer.Bancos targeting users in Brazil and Venezuela
Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog as they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites as similar tactics can also be used.
Before you click on a link in an email or one shared on social media, be sure to follow these best practices:
Protection
Symantec and Norton detect the threats discussed in this blog as Downloader.Bancos and Infostealer.Bancos. The spam emails discussed in this blog are also blocked by our antispam technologies.