Just as phishing has become more targeted with the rise of spear-phishing that targets individuals or small groups of people, so is the malware being increasingly targeted to specific geographical regions or targets. Ransomware is a good example, with individual countries being targeted by malware disguised as messages from the local law enforcement agency. Now Kaspersky has found a new Latin American botnet that is currently targeted at just two specified banks in Chile.
Dubbed AlbaBotnet by Jorge Mieres, a Kaspersky Lab expert, the botnet is currently still in its trial stage: “up to now there has been no monetization of AlbaBotnet.” Nevertheless the author has been testing and developing the malware since at least early 2012.
Mieres notes some similarity with the Mexican vOlk-Botnet, and PiceBOT. All three use the same encryption system, “So it’s quite possible that the underlying crypto code is shared between them,” he conjectures.
The malware also includes an email facility. Mieres says the malware “revolves around online pharming, with a view to delivering targeted phishing attacks which steal information from the online accounts of two major Chilean banks.”
It is likely, however, that the basic code can be amended to attack targets of choice in the future.