The malware was designed to gain access to Venezuelans' CADIVI accounts to use their allotted dollars, Bestuzhev said.
"Being that this malware is quite simple and also targeting only Venezuelan banks and CADIVI, we can strongly assume that the cybercriminals who produced it are from Venezuela too," he wrote on the blog.
Officials at the government's currency agency and Science and Technology Ministry could not be immediately reached for comment.
Bestuzhev said the malware was detected by was "proactive crawlers," which work like a sort of search engine and are designed to hunt down malicious URLs.
Bestuzhev's blog post: http://www.securelist.com/en/blog/208193897/Stealing_currency_permits_from_the_Government