Win32/Spy.Banker [Threat Name]

Win32/Spy.Banker.ACHM [Threat Variant Name]

Category trojan
Size 386560 B
Detection created Jun 30, 2015
Signature database version 11869
Aliases TrojanSpy:Win32/BrobanLaw.A (Microsoft)
  Infostealer.Bancos (Symantec)
Short description

Win32/Spy.Banker.ACHM is a trojan that steals sensitive information. The trojan can send the information to a remote machine.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects sensitive information when the user browses certain web sites.


It also monitors windows with any of the following strings in the name:

  • SANTANDER
  • BRADESCO
  • INTERNETBANKINGCAIXA
  • BANCOITAFEITO
  • 30 horas
  • CITIBANKBRASIL
  • DICABANCOHSBC
  • MeuHSBCInternet
  • BBCOMBR

The following programs are affected:

  • Mozilla Firefox
  • Google Chrome
  • Internet Explorer

The trojan may display the following message:

  • O Módulo de segurança no está desatualizado, continue seu acesso usando o Internet Explorer 7.0 ou superior.

The trojan can send the information to a remote machine. The HTTP protocol is used in the communication.

Other information

The trojan keeps various information in the following Registry key:

  • [HKEY_LOCAL_MACHINE\Software\AXSPH]
