The message that the user receives is as follows:
If the user clicks on the link, they are taken to the site of a popular Argentine ice cream shop, which has been compromised and on which a series of harmful files have been hosted. The PHP script
http://www. [REMOVED].com.ar/async/include/novedades/MensajesMultimdia/iclaro/ClaroMultimedia.php downloads the executable file ClaroMultimedia.EXE, which is detected by several antivirus products and whose objective is to modify the system hosts file, pointing several Peruvian banks to an IP address where replicas of them are hosted (local pharming):
[REMOVED].22.248.234 www.viabcp.com
[REMOVED].22.248.234 viabcp.com
[REMOVED].22.248.234 www.bn.com.pe
[REMOVED].22.248.234 bn.com.pe
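A defensive check for the hosts-file tampering described above, as an added example that is not part of the original post: it parses hosts-file text and reports every entry that pins one of the bank domains named in the post. The sample file is constructed, and 203.0.113.10 is a documentation address standing in for the redacted IP; the function names are hypothetical.

```python
import ipaddress

# Domains taken from the hosts entries quoted in the post.
WATCHLIST = {"viabcp.com", "bn.com.pe"}

# Constructed sample hosts file; 203.0.113.10 is a documentation address
# used here in place of the redacted IP.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.viabcp.com
203.0.113.10    viabcp.com   # trailing comment
203.0.113.10    www.bn.com.pe bn.com.pe
0.0.0.0         ads.example.test
not-an-ip       www.viabcp.com
"""

def watched(hostname, watchlist=WATCHLIST):
    """True if hostname is a watched domain or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watchlist)

def find_pharming_entries(hosts_text, watchlist=WATCHLIST):
    """Return (line_no, ip, hostname) for every watched name pinned in a hosts file."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop comments, then split into the address and its hostnames.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IP address: skip the line
        for hostname in fields[1:]:
            # Any static mapping for a bank domain is unexpected, whatever the IP.
            if watched(hostname, watchlist):
                findings.append((line_no, str(ip), hostname.lower()))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in find_pharming_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}")
```

On Windows the file to feed into `find_pharming_entries` is `%SystemRoot%\System32\drivers\etc\hosts`.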
At Segu-Info we have already contacted the ice cream company so that it can remove the harmful files and fix the vulnerabilities in its server.
Thanks to Ernesto for the report!
Cristian from the Segu-Info Newsroom

