GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Aug 14, 2019 5:32 pm

There is a new malware campaign targeting Croatia, Montenegro, and other countries in the Balkans. The campaign involves versions of 2 malware files, and they are delivered via spam emails containing either malware attachments or links to the malware. The malware is designed to steal bank accounts and other financial information, but I suppose it could be used to steal any information.
Below are MDB malware signatures to detect some versions of both malwares. Copy the signature(s) to a Notepad file and save it in the ClamWin db program data folder or add the signature(s) to an existing MDB file you may already have there. Do not save the file with a .txt or .text on the end of the name. Save it as Sigfile.mdb (select file type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will be unable to recognize it as a signature. MDB signatures identify important parts of a malware file and will last until the next version of the malware comes out--often in a week or so. Some malware authors may reuse parts of their old version, so an MDB signature could last longer--probably no longer than for a month.
65536:d31c5eeb2905415a2435d71354f5300c:Win.Trojan.BalkanRat-081419.1219
72704:a014cb4791132c8d4ca22a62703c5cc6:Win.Trojan.BalkanRat-081419.1215
47616:7f60c6e71628392fe77d888099c459a8:Win.Trojan.BalkanRat-081419.1212
93696:849fecd0c6964564e3a984d7063956ed:Win.Trojan.BalkanDoor-081419.1158
91648:2582ca187503650c7a62d7d204b8fb66:Win.Trojan.BalkanDoor-081419.1155
93696:3a26b0cf45bb45658d16cc8e49fe087e:Win.Trojan.BalkanDoor-081419.1152
Regards,
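
A checker for a signature file like the one described in the post above, as an added example that is not part of the original post or of ClamWin. It assumes the three-field size:MD5:name layout the posted lines use; the function name `lint_mdb` and the sample entries are constructed for illustration.

```python
import re

# Three-field form used in the post: PESectionSize:MD5:SignatureName
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):([^\s:]+)$")

def lint_mdb(filename, text):
    """Return a list of (line_number, problem); line 0 means the file itself."""
    problems = []
    if not filename.lower().endswith(".mdb"):
        problems.append((0, "file name must end in .mdb, got %r" % filename))
    seen = {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no signature
        if line.startswith("\ufeff"):
            # Some editors write a byte-order mark when saving as UTF-8
            problems.append((number, "byte-order mark before the size field"))
            line = line.lstrip("\ufeff")
        match = MDB_LINE.match(line)
        if match is None:
            problems.append((number, "not size:md5:name"))
            continue
        size, digest, name = match.groups()
        if int(size) == 0:
            problems.append((number, "section size is zero"))
        key = (int(size), digest.lower())
        if key in seen:
            problems.append((number, "same size and hash as line %d" % seen[key]))
        else:
            seen[key] = number
    return problems

# Constructed sample entries, not real signatures.
SAMPLE = "\n".join([
    "4096:0123456789abcdef0123456789abcdef:Example.Constructed-1",
    "4096:0123456789ABCDEF0123456789ABCDEF:Example.Constructed-2",  # duplicate
    "8192:0123456789abcdef0123456789abcde:Example.Short-Hash",      # 31 hex digits
    "Example.Missing-Size:fedcba9876543210fedcba9876543210",
])

if __name__ == "__main__":
    for number, problem in lint_mdb("Sigfile.mdb.txt", SAMPLE):
        print(number, problem)
```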