Trojan ChePro, the CPL storm
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Trojan ChePro, the CPL storm | |
|---|---|
| Botnet | ChePro |
| Malware | |
| Botnet/malware group | Banking |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | Brazil, Russia, Portugal |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-12-27 |
| Editor/Conference | Kaspersky Securelist |
| Link | https://securelist.com/blog/incidents/58203/trojan-chepro-the-cpl-storm/ (Archive copy) |
| Author | Fabio Assolini |
| Type | Blogpost |
Abstract
“ Malware using the .CPL extension is nothing new for us, but it’s still interesting that almost all the banking malware currently originating in Brazil is distributed in this format. It doesn’t matter whether it’s a drive-by download or a simple attack based on social engineering, users find themselves at the epicenter of a real CPL storm every day. We decided to look into this trend and find out why Brazilian cybercriminals now favor this approach.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR4860,
editor = {Kaspersky Securelist},
author = {Fabio Assolini},
title = {Trojan ChePro, the CPL storm},
date = {27},
month = Dec,
year = {2013},
howpublished = {\url{https://securelist.com/blog/incidents/58203/trojan-chepro-the-cpl-storm/}},
}