Trojan-Banker.Win32.ChePro

Detect Date 11/20/2015
Class Trojan-Banker
Platform Win32
Description

Most ChePro samples are downloaders which need other files to complete the infection. Usually they install banking malware that will take screenshots, capture keyboard strokes, and read the content of the clipboard.

Malware in this family can be used to attack virtually any Internet banking service. This malware implements new techniques for the purpose of avoiding detection for as long as possible.

Several Trojans use geolocation or query the operating system for the user’s timezone and Microsoft Windows version. The Trojans will not attempt to complete an infection if the computer’s IP address is not Brazilian, the operating system is set to a timezone that is outside of Brazil, or the system language is not Portuguese (Brazil).

Geographical distribution of attacks by the Trojan-Banker.Win32.ChePro family

Trojan-Banker.Win32.ChePro_image1_edit-2

Geographical distribution of detections during the period from 20 November 2014 to 20 November 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Brazil 73.45
2 Russian Federation 7.61
3 Spain 1.99
4 Portugal 2.09
5 Austria 1.31
6 USA 1.18
7 Colombia 0.86
8 Ukraine 0.78
9 Germany 0.66
10 Mexico 0.65

* Percentage of all unique Kaspersky users attacked by this malware