CPL Malware Booms in Brazil
January 17, 2014
The malicious files are zipped and arrive via emails that are supposedly sent by prominent Brazilian financial institutions. The file attachments make use of Portuguese and Brazilian terms and are aptly disguised as payment receipts or debt balances. Users who open the malicious .CPL files unknowingly execute banking malware. Once banking malware infiltrates a computer, it can redirect a victim to a malicious site, monitor a victim’s access to his banking sites, or even hijack his banking sessions.
Brazil is no stranger to these kinds of attacks. About 40 new malware target Brazilian banking customers on a daily basis. The creation of CPL malware just shows the broadening arsenal cybercriminals have at their disposal.
A typical .CPL file can host different kinds of apps. This flexibility allows cybercriminals to reengineer .CPL files in various ways—from droppers to rootkit installers. And since .CPL files pass off as generic Control Panel items, they make for great bait to lure unsuspecting victims to run malware on their devices and networks. Currently, Trend Micro has analyzed and detected more than 4 million malicious .CPL files.
CPL malware infections are preventable just as long as you note their characteristics. For example, .CPL files don’t commonly spread via networks. On the hand, the malicious .CPL files distributed in Brazil do. Our research paper, CPL Malware: Malicious Control Panel Items has more detailed information on the subject matter. With the right tools, knowledge, and awareness of cybercrime activities, you can minimize the impact of CPL Malware.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.