The Guildma malware's activity was first spotted back in 2015. This threat is a well-crafted spyware toolkit. At first, the authors of the Guildma toolkit concentrated their operations in Brazil only. However, at some point, the creators of the Guildma malware decided to launch more ambitious campaigns going after targets worldwide. The threat was originally programmed to function only against Brazilian banking institutions, but once its creators decided to expand their reach, 130 more banking portals worldwide were added to the Guildma malware's target list.
The Guildma threat appears to be distributed mostly via spear-phishing campaigns. The attackers use a PHP script to automate the distribution of mass spam emails to a long list of email addresses. The authors of the Guildma malware seem to be using either hijacked or rented servers from which they propagate the spam emails. The messages are crafted carefully to convince the user to open the attached malicious file. To make the emails seem more legitimate and trick the user into thinking that the attachment is an important document they need to review, the attackers often disguise it as information about a job opportunity, a tax-related report, a government paper, etc. A report issued by a popular cybersecurity company states that in 2019 alone, the Guildma malware tried to infiltrate over 150,000 users globally.
The Guildma malware can serve as a RAT (Remote Access Trojan), an infostealer, a spyware tool and a banking Trojan. This goes to show how flexible the Guildma malware is and how threatening it can be. When the Guildma malware compromises a host successfully, its activity can be triggered by various factors. The threat monitors the user's activity and acts accordingly. For example, Guildma watches for the victim accessing a banking portal that is on the malware's target list. However, the Guildma malware does not target finance-related services only. This nasty threat looks for any information it can get and uses a variety of ways to collect it: harvesting login credentials, gathering data from autofill forms, and even taking screen captures of the desktop and open tabs. The Guildma malware also targets Netflix, Amazon, Facebook, and other popular services, and attempts to collect the victim's login credentials for them. One method that the Guildma malware uses is closing the user's Web browser tab so that the victim has to open it again and enter their login credentials once more, which allows the attackers to capture them. This threat also keeps an eye out for FTP clients, as well as mail clients. Since the Guildma malware can also serve as a RAT, it allows the attackers to plant additional malware on the compromised host, which further weaponizes this threat.
The authors of the Guildma malware keep upgrading this hacking tool and making it even more powerful. This malware is now a threat to users worldwide, and you should be very wary of suspicious emails from unknown sources. Furthermore, make sure you keep all your applications up to date and look into obtaining an anti-virus solution that will keep your system secure.