It is surprising how fast the cyber-crooks take advantage of any eye-catching news to distribute malware. Less than two days after the tragic event that took place in Tokyo “Tomohiro Kato – Akihabara Killer”, we detected an email that used this news as a bait to deceive users.
The email seemed to come from an address belonging to the RPP news (Radio Programas del Perú) in order to pass itself as a trustworthy source. However, you can check in the following URL, which makes reference to the official news published by RPP, that it is totally different to the news included in the malicious email message, where after a brief description of the event, users are enticed to download and see a video regarding this news. However, what they actually download and install in the system is the Trojan QHost.IH.
This malware is designed to modify the hosts file by adding four fake websites of a certain banking entity. This way, if users visit any of the websites included in the hosts file, they will not be redirected to the original one but to another imitating the original website.