Symantec has detected an information-stealing Trojan, W32.Difobot, that is aimed directly at financial institutions and their clients and uses a social engineering approach to acquire victims' information.
How It Works
The email is disguised to appear to come from HSBC (a banking and financial company) and displays an @hsbc.com email address. It comes with a notice to install Rapport, a legitimate security software product (detection software designed to protect online bank accounts from fraud).
Because the email appears legitimate, the software gets installed; when installed, it executes malware, which then shields itself by using Windows GodMode so that it can't be seen or removed. Windows GodMode is a hidden master control panel available in some versions of Windows.
Once the process is finished on the compromised computer, the malware allows the attacker to access the system remotely and steal sensitive data such as credit card information or any other finance-related files.
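One way to check a system for the GodMode-style hiding described above, shown as an added example that is not from Symantec's report: a folder whose name ends in `.{CLSID}` is opened by Explorer as a shell object, so a raw filesystem walk reveals what is stored inside. The function names, the constructed directory tree and the use of the well-known "All Tasks" GodMode CLSID are assumptions of this sketch.

```python
import os
import re
import tempfile

# A folder named "<label>.{CLSID}" is opened by Explorer as the shell object
# the CLSID refers to, so files stored inside it are not listed there.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")
GODMODE_CLSID = "ED7BA470-8E54-465E-825C-99712043E01C"  # "All Tasks" view


def find_clsid_folders(root):
    """Walk root and report every directory whose name ends in .{CLSID}."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            match = CLSID_SUFFIX.search(name)
            if not match:
                continue
            path = os.path.join(dirpath, name)
            try:
                # The raw filesystem listing shows what Explorer's view hides.
                contents = sorted(os.listdir(path))
            except OSError as exc:
                contents = ["<unreadable: %s>" % exc.__class__.__name__]
            clsid = match.group(1).upper()
            findings.append({"path": path, "clsid": clsid,
                             "godmode": clsid == GODMODE_CLSID,
                             "contents": contents})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed directory tree and scan it (no real malware)."""
    with tempfile.TemporaryDirectory() as root:
        hidden = os.path.join(root, "Roaming", "Settings.{%s}" % GODMODE_CLSID)
        os.makedirs(hidden)
        with open(os.path.join(hidden, "constructed_sample.exe"), "w"):
            pass
        os.makedirs(os.path.join(root, "Documents", "Reports"))
        return find_clsid_folders(root)


if __name__ == "__main__":
    for f in demo():
        tag = "GodMode CLSID" if f["godmode"] else "other CLSID"
        print("%s [%s] contains %s" % (f["path"], tag, f["contents"]))
```

On a live system, point `find_clsid_folders` at user profile and application data directories; any executable found inside a CLSID-suffixed folder deserves a closer look.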