TSPY_BANKER.EUIQ
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 31
First Seen: May 18, 2012
Last Seen: April 24, 2023
OS(es) Affected: Windows
The TSPY_BANKER.EUIQ Trojan is a malware infection designed to steal banking information. Rather than using keylogger attacks to obtain this information, TSPY_BANKER.EUIQ relies on browser hijacking: it redirects computer users to phishing websites set up to look identical to popular banks' websites. TSPY_BANKER.EUIQ can be configured to carry out these redirects whenever the victim attempts to connect to a legitimate banking website. Once there, a victim who enters login details, such as an account number and password, hands this information over to the criminals operating these copycat websites and TSPY_BANKER.EUIQ itself.
TSPY_BANKER.EUIQ works together with another malware infection, TROJ_KILSRV.EUIQ. This second Trojan is designed to delete GBPlugin. While this add-on was originally intended to protect Brazilian banking users from similar attacks, there is no question that the criminals behind TSPY_BANKER.EUIQ have found a way to circumvent its protection.
Currently, TSPY_BANKER.EUIQ is distributed through a social engineering attack that disguises its file as a supposed setup file for the popular web browser Google Chrome. While, in theory, TSPY_BANKER.EUIQ could be used to attack computer users all over the world, it is targeted towards Brazilian computer users and South American banks. Currently, the banks targeted by TSPY_BANKER.EUIQ include those with these strings or addresses: 'Caixa Econômica Federal,' www.sicredi.com.br, 'Banco Santander Brasil | Pessoa Jurídica | Atendimento empresarial, empresas' and 'Banco Itaú – Feito Para Você.'
Detecting TSPY_BANKER.EUIQ's Bank Phishing Websites
Carefully observing the supposed banking websites reveals details that betray their true nature. The websites' titles duplicate those of the legitimate bank's website with small discrepancies: for example, the bank's name may include an underscore ('_') or very slight changes in spelling. The web address will also be different, using a URL that has minor differences from the targeted bank's. Because of this, ESG security researchers strongly advise checking any website's name and address before entering highly sensitive data, such as banking information or credit card numbers. If you find that the URL does not match or that there are unusual discrepancies in the website's appearance, this may indicate a potential phishing attack and, if you suspect this is the case, you should never enter your information.
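The title and address checks described above can be automated. The following Python sketch is an added example, not EnigmaSoft or SpyHunter code; its allowlist holds only the www.sicredi.com.br address named on this page, the brand token 'sicredi' is derived from that address, and the function names are assumptions of the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist: legitimate registered domain -> brand token.
# Only www.sicredi.com.br is taken from this page; extend it for real use.
LEGIT = {"sicredi.com.br": "sicredi"}

def _fold(s):
    """Lowercase and drop accents, underscores and punctuation,
    so that 'Sicredi_' and 'sicredi' compare as equal."""
    s = unicodedata.normalize("NFKD", s)
    s = "".join(c for c in s if not unicodedata.combining(c))
    return "".join(c for c in s.lower() if c.isalnum())

def _distance(a, b):
    """Levenshtein edit distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url, title):
    """Return 'legitimate', 'suspicious' or 'unknown' for a page.

    legitimate: the host is an allowlisted domain or one of its subdomains.
    suspicious: the host is not allowlisted, yet a host label or a title
                word is within one edit of a known brand token (underscore
                variant, single-character misspelling, or the real name
                embedded in a foreign domain).
    unknown:    nothing on the page resembles an allowlisted brand.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return "legitimate"
    tokens = host.split(".") + title.split()
    for brand in LEGIT.values():
        if any(_distance(_fold(t), brand) <= 1 for t in tokens):
            return "suspicious"
    return "unknown"
```

A one-edit threshold suits a brand token of this length; shorter tokens need an exact match after folding to avoid false positives.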