[Warning] Malicious file related HSBC online banking has been found from Brazil.

1. Introduction

In the midst of booming security threats and accidents in South Korea, a malicious file aiming at online banking users from Brazil has been reported.
Since banking fraud is getting bigger and bigger, users who use online banking need to be careful on using online transaction.

2. Spreading path and symptoms of infection

Recently founded malicious file is designed to aim online banking user of HSBC. When this malicious program works, it will send account number, password and inputted personal information to certain IP with using SMTP(Simple Mail Transfer Protocol).

This malicious file is named "Modulo_HSBC.exe", and its preference is also disguised as a banking information("HSBC Bank Brasil S.A. - Banco Múltiplo").

Upon executed this malicious file, it will pop-up message box "Please wait a moment while we configure the application for registration to start updates."

* Network transaction information on executing malicious file

When the waiting message "Modulo_hsbc" is closed, "wait while the server connect HSBC" message will appear.

Next phase, user can input "CPF" information.

Next phase, user can input 4-digit password.

In this page, HSBC requires user to input 7-digit password.

Following figure requires information for online banking.

End of the process.

INCA Internet Emergency Response Team figured out that the inputted information will be leaked to certain web site with using SMTP.

* Packet transaction data information

 - Submitted information is recorded as following.

 - Destination IP address is located in United States.

3. How to prevent

To use PC safely from security threats of these malicious files, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function “ON”
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan-Spy/W32.Banker.1977856.D


  1. This comment has been removed by the author.

  2. In this configuration, instead of a computer being connected to the high speed Internet broadband device, you connect a router. This router acts and the traffic controller. check out chrismartslaw.com

  3. By the way, my dissertation was related with technologies. And service https://dissertationauthors.com helped me with writing a lot. You can check this out if you want.

  4. Thanks for this great post. This is really helpful for me. Also, see
    Tutu App for Android

  5. if you are facing any technical problem with your PC or mobile you can visit us for a better solution Geek squad support provide the best technical support for all kinds of a technical problem you can visit here for solve you problem Geek squad tech support

  6. Amazing Post, Thank you for sharing this post really this is awesome and very useful.

  7. The content of your article page Click to play game, I find the content quite interesting and useful to me, thank you for sharing

  8. Wales publishers are offering optimized, Best Publication Services in UK to boost the researcher and research communities, by providing accelerated and efficient services to fasten the publishing process and to give more opportunities for research on different disciplines.Wales publication research conferences give the researchers an international platform to discuss their scientific research Open Access Publishing UK work and their edges.We are different from other conferences because the community's member organizes our conferences.

  9. Penetrating into key Accounts, Professionally manage your best Sales Tracking software and Grow your Outbound Sales. Hire our platform with Sales Consultants at Intandemly.