    Chris Zacharias
    Keymaster

    Metamorfo is out to steal your banking password.

    It can start out innocently enough. You get an email containing an invoice from a well-known company. You click on the zip file containing the invoice and voila! You have just installed a virus on your computer. The fact that this virus was contained within something else that you thought was OK makes this a trojan virus (think Trojan horse).

    This malware (yet another name for you) will run a script that is designed to bypass detection by antivirus software. The script will shut down your browser (you will think it crashed) and when you re-load the browser, it will no longer allow you to auto-complete the entry of user names and passwords. By making you type in your username and password, the keylogger that comes with this virus will record your keystrokes and send that information to a server run by the low-life thieves that sent you the trojan in the first place.

    As a bonus, just so the fustilarian isn’t wasting time looking at all your keystrokes, the malware watches for 32 keywords associated with the banks that they are most comfortable with. When any of those keywords are typed, the bull’s-pizzle is alerted so he can pay attention to what you type next. The banks they are targeting are located in the US, Canada, Peru, Brazil, Chile, Ecuador, and Spain.

    There are several things to take away from all this:

    1. Be very wary of opening zipped invoices or anything else you receive via email.
    2. Do not follow links from emails; type them in yourself.
    3. The fact that this malware is being reported means that it has been around long enough to be discovered. It might have been around for the past year and we are just now learning about it.
    4. Browser plug-ins and other built-in auto-typed password functions (keychain) are the most easily exploited forms of password protection. There is always a trade-off between security and ease of use. Browser plug-ins are 1 step too far as far as we at APO are concerned.
    5. When you want to log into your bank account, let APO open the website instead of using a link within an email. This protects you from linking to a fake site set up to steal your login credentials.
