TSPY_BANKER.EUIQ
Posted: May 18, 2012
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 73 |
| First Seen: | May 18, 2012 |
| Last Seen: | April 24, 2023 |
| OS(es) Affected: | Windows |
TSPY_BANKER.EUIQ is a banking Trojan that stealthily redirects your browser to phishing copycat sites whenever you try to load a bank-related website. The exact sites that trigger the redirect depend on TSPY_BANKER.EUIQ's configuration, which may be adjusted over time. TSPY_BANKER.EUIQ also includes a secondary component that removes bank-related browser security. Although TSPY_BANKER.EUIQ may be installed by other PC threats, SpywareRemove.com malware researchers have seen signs that many TSPY_BANKER.EUIQ infections are installed by the victims themselves, apparently because TSPY_BANKER.EUIQ masquerades as a setup file for the Chrome browser. Victims are exposed to TSPY_BANKER.EUIQ's file through links that are masked by reputable URLs (such as Google or Facebook), although TSPY_BANKER.EUIQ's current attacks appear to be focused primarily on Brazil-based computers.
TSPY_BANKER.EUIQ – Starting at Brazil, with a Potentially Unlimited Destination
Like Mal/Behav-130 or Trojan-Downloader.Win32.Bancos, TSPY_BANKER.EUIQ is configured to target Brazilian banks and their users, but many of TSPY_BANKER.EUIQ's capabilities are flexible enough that they could also be applied to attacks against the banks of other countries. While some of the worst PC threats that SpywareRemove.com malware researchers have seen engage in HTML injection and similar types of attacks against bank accounts, TSPY_BANKER.EUIQ confines its attacks to simple browser redirects. These redirects force the victim to load a fake bank website that is used for phishing attacks. Since TSPY_BANKER.EUIQ monitors your browser's activities to pick the right moment for this website swap, the phishing site is likely to look identical to the real bank website that you just tried to visit.
TSPY_BANKER.EUIQ's phishing sites currently have minor discrepancies in their titles, such as unnecessary underscores, and, like all phishing sites, also differ from the real sites in their web addresses. SpywareRemove.com malware researchers remind you never to enter personal information, including bank account data, on any site that appears to be legitimate but displays a mismatched URL or other unusual changes. These minor differences can be the only sign of TSPY_BANKER.EUIQ's phishing attacks and, therefore, the only things that help you stop TSPY_BANKER.EUIQ from looting your account for everything that it's worth.
Banking institutions that are targeted by current versions of TSPY_BANKER.EUIQ include any sites with the following URLs or text strings: 'Caixa Econômica Federal,' www.sicredi.com.br, 'Banco Santander Brasil | Pessoa Jurídica | Atendimento empresarial, empresas' and 'Banco Itaú - Feito Para Você.'
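The title and address mismatch described above can be checked mechanically over browser or proxy history. The following is an added example, not part of the original write-up: it flags a page whose title matches one of the targeted strings while its host is not the bank's own domain. Only www.sicredi.com.br comes from the list above; the other three domains, the 'sicredi' title fragment and the sample observations are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Normalized title fragments based on the strings listed above, mapped to the
# domain expected to serve them. Only sicredi.com.br is from the page; the
# other domains and the "sicredi" fragment are assumptions to verify.
BANK_TITLES = {
    "caixa economica federal": "caixa.gov.br",
    "sicredi": "sicredi.com.br",
    "banco santander brasil": "santander.com.br",
    "banco itau": "itau.com.br",
}

def normalize_title(title):
    """Fold case, strip accents, collapse underscores/punctuation to spaces."""
    decomposed = unicodedata.normalize("NFKD", title)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"[\W_]+", " ", plain.lower()).strip()

def host_matches(host, domain):
    """True only for the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_page(url, title):
    """Return (verdict, reasons) for one observed page load."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    norm = normalize_title(title)
    for fragment, domain in BANK_TITLES.items():
        if fragment in norm:
            reasons = []
            if not host_matches(host, domain):
                reasons.append(f"title claims {domain}, host is {host or 'missing'}")
            if parts.scheme != "https":
                reasons.append("not served over https")
            if "_" in title:
                reasons.append("underscore in title")
            return ("suspicious" if reasons else "ok"), reasons
    return "not-bank", []

# Constructed observations; hosts under .example are placeholders.
SAMPLES = [
    ("https://www.sicredi.com.br/home", "Sicredi"),
    ("http://sicredi.com.br.login.example/home", "Sicredi_"),
    ("https://banco.example/pj", "Banco_Santander_Brasil | Pessoa Jurídica"),
]
for sample_url, sample_title in SAMPLES:
    print(check_page(sample_url, sample_title)[0], sample_url)
```

The suffix comparison in `host_matches` matters: a host that merely begins with the bank's domain, as in the second sample, is not treated as the bank.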
The 'Before' and 'After' of Avoiding a TSPY_BANKER.EUIQ Attack
TSPY_BANKER.EUIQ can easily be avoided by not risking contact with suspicious browser installation files, particularly files named 'ChromeSetup.exe.' Since symptoms of TSPY_BANKER.EUIQ's attacks are limited, you should be prepared to scan your PC with suitable anti-malware programs if you're aware of even a slight possibility of TSPY_BANKER.EUIQ's presence on your computer. TSPY_BANKER.EUIQ will, in most cases, be accompanied by a second PC threat, TROJ_KILSRV.EUIQ, that deletes the GBPlugin (a popular security-related add-on for Brazilian bank sites).
As of the time of this writing, recent reports of successful TSPY_BANKER.EUIQ infections have increased significantly, from mere hundreds to thousands. Although TSPY_BANKER.EUIQ's server is currently inaccessible, this doesn't necessarily indicate that TSPY_BANKER.EUIQ is in any way neutered, and SpywareRemove.com malware researchers advise you to treat any possible TSPY_BANKER.EUIQ infection with the highest level of caution.