Trojan.Win32.Jumcar


By Sumo3000 in Trojans

Trojan.Win32.Jumcar is a Trojan that steals financial information from Latin American computer users who use the home-banking services of major banking companies. Of these, 90% are channeled in Peru through phishing strategies based on cloning the websites of six banks. Trojan.Win32.Jumcar may also target two banks in Chile and another in Costa Rica. Trojan.Win32.Jumcar propagates via spam emails that rely on strongly visual social engineering built on falsified messages. Trojan.Win32.Jumcar is developed in .NET, whereas the usual pattern for malware developed in Latin America (excluding Brazil) is to build malicious projects in Visual Basic.

Similarly, and contrary to the common pattern in Latin American malware of obfuscating part of its code through simple hexadecimal conversions, Trojan.Win32.Jumcar uses symmetric and asymmetric cryptographic algorithms to disguise the functionality indicated in the source code. For this, Trojan.Win32.Jumcar uses the classes System.Security.Cryptography.TripleDES, System.Security.Cryptography.Aes and System.Security.Cryptography.RSA. Trojan.Win32.Jumcar is delivered via spam email (allegedly coming from Peruvian banks) or social engineering attacks. The social engineering strategy depends on the Facebook image in the email message and on the name of the downloaded file, for example, 'facebook.exe'. Trojan.Win32.Jumcar can also spread via hijacked websites.
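A static triage sketch for the two traits described above (the lure file name and the combination of symmetric and asymmetric .NET crypto classes), added here as an example and not taken from the original write-up or from any vendor's tooling. It assumes type names appear as NUL-delimited entries in the assembly's #Strings heap; `triage`, `fake_assembly` and the sample file names and contents are hypothetical and constructed.

```python
import re
from pathlib import PureWindowsPath

CLI_MAGIC = b"BSJB"                              # signature of the .NET metadata root
CRYPTO_NS = b"System.Security.Cryptography"
CRYPTO_TYPES = (b"TripleDES", b"Aes", b"RSA")    # classes named in the write-up
# Lure file name quoted in the write-up; extend with names seen locally.
LURE_NAME = re.compile(r"^facebook\.exe$", re.IGNORECASE)


def heap_entry(data: bytes, name: bytes) -> bool:
    """True if `name` is a whole NUL-delimited entry, as in the #Strings heap."""
    return b"\x00" + name + b"\x00" in data


def triage(filename: str, data: bytes) -> dict:
    """Score one attachment or download using static byte checks only."""
    lure = bool(LURE_NAME.match(PureWindowsPath(filename).name))
    managed = data[:2] == b"MZ" and CLI_MAGIC in data
    crypto = []
    if managed and heap_entry(data, CRYPTO_NS):
        crypto = [t.decode() for t in CRYPTO_TYPES if heap_entry(data, t)]
    all_three = len(crypto) == len(CRYPTO_TYPES)
    if lure and managed and all_three:
        verdict = "escalate"      # lure name plus the full crypto combination
    elif lure or all_three:
        verdict = "review"        # one trait alone is common in benign files
    else:
        verdict = "no-match"
    return {"lure_name": lure, "managed": managed,
            "crypto_types": crypto, "verdict": verdict}


def fake_assembly(*heap_strings: bytes) -> bytes:
    """Constructed stand-in for a managed PE: MZ stub, BSJB, then a string heap."""
    return (b"MZ" + b"\x00" * 62 + CLI_MAGIC + b"\x00"
            + b"\x00".join(heap_strings) + b"\x00")


# Constructed samples, not real malware and not real file contents.
SAMPLES = {
    r"C:\Users\a\Downloads\Facebook.exe": fake_assembly(CRYPTO_NS, b"TripleDES", b"Aes", b"RSA"),
    "backup-tool.exe": fake_assembly(CRYPTO_NS, b"AesManaged", b"SHA256"),
    "facebook.exe": b"MZ" + b"\x00" * 128,       # native stub, lure name only
    "updater.exe": fake_assembly(CRYPTO_NS, b"RSA", b"Aes", b"TripleDES", b"HttpClient"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(name, blob))
```

Plenty of legitimate .NET software references these classes, so a crypto-only hit is a prompt for review rather than a detection, and a sample that resolves the types through reflection or packs its metadata will not match.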


