This malware family is designed to steal personal information from the clients of Brazilian banks. Methods and technologies used by this malware are generally crude. Written in Delphi or .NET, the malware uses fraudulent forms to obtain the information necessary for bypassing two-factor authentication.
One example of this malware family is the Telax banking Trojan. The main Telax module is written in Delphi and is approximately 12 MB in size. The Trojan loader is written in C#, with a size of under 500 KB. The Trojan is capable of performing simple commands received from the control server, such as controlling the mouse, pressing a key combination in an open window, deleting itself, and restarting the computer. Data from the user’s computer is transmitted via a POST request without encryption. Request parameters are named in Portuguese:
Geographical distribution of attacks by the Trojan-Banker.Win32.Banbra family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware