Malware Targets Venezuelans Through a Fake Link to Presidential Election News

There are a few things in life you can guarantee will happen on a daily occurrence. Many of these happenings take place without any special actions, such as breathing in and out copious amounts of air into your lungs so you may continue to live. Another thing that happens just about every day is the creation of some new malware software designed to extract data or money from vulnerable victims.

We have taken special attention to a discovery made by Dmitry Bestuzhev, head of Kaspersky Lab's research and analysis team in Latin America. He has found that just after Venezuela's October 7th presidential election, malicious software was spread by email, to specifically target Venezuelans for the purpose of compromising online account credentials.

A file identified as listas-fraude-electoral.pdf.exe, translated as 'electoral fraud lists', is the culprit in a massive email attack on Venezuelans. With such a file name, one would initially conclude that the file contains pertinent information related to the recent election in Venezuelan ushering Hugo Chavez's re-election triumph. Naturally, a citizen in Venezuela would be curious to discover the file's contents, especially considering Chavez's recent victory.

Emails are being circulated with a malicious link to redirect a user's PC to download the listas-fraude-electoral.pdf.exe file. Opening or loading the listas-fraude-electoral.pdf.exe file, which was found to be primarily spread through email messages containing the malicious link, would automatically load a fake website pretending to belong to the Venezuelan TV channel Globovision. The impersonating site is only a cover while the malware basically gets acquainted with the affected computer.

Once a system is infected with this particular malware, it may gain access to Venezuelans' CADIVI (Comisión de Administración de Divisas - Commission for the Administration of Currency Exchange) accounts to use their allotted dollars. What leads us to suspect that the creators of this malware are from Venezuela, is the idea mentioned on a recent technology column in The Washington Post saying 'Venezuela's government maintains strict foreign currency exchange controls, and the currency agency provides people who apply with limited amounts of dollars or other currencies for purposes including travel, certain imported goods and overseas tuition payments'.

The malware is able to give cybercriminals access to steal a victim's banking information, such as logins, passwords or other credentials. The particular accounts targeted are ones holding CADIVI, known as the Venezuela currency agency's Spanish initials. You could similarly compare this new malware threat to the infamous Zeus Trojan known for being the the king of online banking theft over the past few years but knowingly bypassing antivirus software.