We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanSpy:Win32/Bancos.TH!dll
Detected by Microsoft Defender Antivirus
Aliases: Win32/Spy.Banker.TNQ (ESET) Trojan-Banker.Win32.Banker (Ikarus) PWS.y!clf (McAfee) TSPY_BANKER.SMJ (Trend Micro)
Summary
TrojanSpy:Win32/Bancos.TH!dll is a password stealing trojan that targets specific online banking Web sites. Captured credentials are sent via SMTP e-mail to a specified address. It is usually installed as a Browser Helper Object (BHO) by TrojanSpy:Win32/Bancos.TH.
Manual removal is not recommended for this threat. Use the Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
TrojanSpy:Win32/Bancos.TH!dll attempts to steal sensitive and confidential information from affected users to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:
Follow us
