We want to warn you of an email message in Spanish we’ve received with the subject ( Urgente ) Posible Terremoto y Tsunami con un 89 % de efectividad and that is of course false.

The message consists of different images and informs users about an alert of earthquake and tsunami in Chile.

Besides, it passes itself off as a warning of National Geographic, in order to make it more credible.

The target of this attack are users from Chile. It takes advantage of the recent disaster which took place in that country and tries to alarm the population, so that they trust the email and get infected.

The message is the following:

Emaill_Chile_img1

It contains several links, and if you click any of them, you’ll access the website http://www.chile-national<blocked>phic.com from which a file called Alerta_TerremotoyTsunami.mpeg.exe is downloaded, which belongs to the Trojan detected as Banker.MGB.

This Trojan modifies the file HOSTS so that when you access any of the affected websites (www.santandersantiago.cl and www.santander.cl), you are redirected to another website which seems to be original one.

The first image belongs to the legitimate website and the second the fake one:

Banco_Santander_real_falsa

The second one could pass itself off as the original one. However, if you look at the address bar, you can see that it’s different from the usual one, as it belongs to an IP address:

Email_Chile_img2

If you enter your login data to your online account, a message will be displayed informing you that for security reasons you have to enter the data of your coordinate card:

Banco_Santander_falsa_img2

Then, a screen simulating that the information is being processed is displayed and then a website is opened informing you that the process has failed and that you should try it again later:

Banco_Santander_falsa_img3

By then, the cybercrook will have obtained your login passwords and the data of your coordinate card.

I used to consider cybercrooks as people without scruples for what they do, but to spread a false alarm using such a sensitive topic after what has happened in Chile, and on top of that to steal their money only proves that their scruples have no limits.