Researchers from Kaspersky Lab have discovered “AlbaBotnet”, an emerging botnet that appears to be gearing up to inflict financial damage on accounts at banks in Chili.
According to Kaspersky researchers, AlbaBotnet focuses on utilizing targeted phishing attacks designed to steal online accounts details, currently at two major Chilean banks.
Interestingly, while the author(s) behind the botnet have been testing it since early 2012, the botnet is in its infancy, and according data analyzed by Kaspersky, part of a trial stage with no monetization having taken place as of yet.
According to Kaspersky, AlbaBotnet uses the same encryption system found in versions of PiceBOT and vOlk-Botnet (Latin American botnets), indicating that that the underlying crypto code could be shared between them.
“The botnet appears to have a similar structure to its Latin American counterparts,” Kaspersky’s Jorge Mieres noted in a blog post. “As well as the default automated malware builder, it includes a package which automatically sends emails. Thus, the botmaster can customize infection campaigns through the classic mechanisms of visual social engineering.”
While AlbaBotnet currently appears to be targeting only accounts of two Chilean banks, it’s likely that the malware could be easily modified to expand its list of targets to other financial institutions.
Overall, Mieres says they have noticed an increase in the number of “home-grown Latin American threats” targeting users in the region.
Kaspersky Lab detects the AlbaBotnet threat as Trojan.Win32.VBKrypt.pitu.
More details on AlbaBotnet can be found here.