Internet banking credentials are a desired target for cybercriminals. They can be targeted with man-in-the-middle attacks or through password stealing trojans such as Fareit, Zbot or Banker. A less known, yet commonly found in South America and to a lesser extent in Russia, method to gain unauthorized access to a user’s banking credentials is through malicious Proxy Auto-Config (PAC) files. Normally, PAC files offer similar functionality to the hosts file, allowing IP/website redirection, but only for the browser. Unfortunately, they can also be used for nefarious purposes.
When a user is infected with a malicious PAC and visits an internet banking website, the browser is usually redirected to a fake website that mimics the intended banking website. This may result in credentials being stolen – or worse, online account hijacking. (…)
See on blogs.technet.com