Symantec has observed that a recent malicious spam campaign focused on users in India. The e-mails contained a malicious attachment, detected as Spyware. Redpill, which is used by cyber criminals to steal confidential information. This includes credentials for social networking accounts, bank account details, e-mails written on compromised computers and screenshots.

A statement issued by Symantec said that upon opening the attached file, users receive an error message indicating that the file was corrupted. However, the malware is silently executed and has already begun to steal information, even as its malicious purpose remains hidden from the user. In the background, the malware installs itself on the compromised computer. It also creates a registry entry subsequent to which keystrokes are recorded and screenshots taken.

“The stolen information is sent to an e-mail account hardcoded into the programme. In our investigations we found details of the e-mail account used by the attacker to receive the stolen data—for instance, it received over 12,000 e-mails in March 2013,” said Abhijit Limaye, Director, Development, Security Response, Symantec.