New Financial Malware CamuBot Strikes Banking Clients in Brazil
Security researchers from IBM X-Force recently examined a newly discovered piece of financial malware that targets prominent Brazilian banks through their business banking customers. Dubbed CamuBot, the malware poses as a security application that the targeted banks would require.
CamuBot was first detected in Brazil in August 2018, when a series of targeted attacks took place against business banking customers. According to X-Force's findings, the malware's operators are actively using it against public sector companies and private firms, combining malware with social engineering to evade strong authentication and security controls.
Security investigators note that CamuBot's code differs considerably from that of typical banking Trojans, because it makes no effort to conceal its deployment. Instead, it is quite visible, using generic brand imagery and bank logos to make itself look like a security application. By gaining victims' trust in this way, CamuBot dupes them into installing it without realizing that they are actually installing a Trojan.
The malware appears to be more advanced than the remote-overlay type of malicious program generally used in fraud campaigns against Brazilian end users. Rather than being a RAT with a simple fake screen, CamuBot uses tactics that resemble those of malware created in Eastern Europe, such as QakBot, Dridex and TrickBot, all three of which target business banking operations.
Moreover, CamuBot's methods are designed to entice potential victims into installing the malware on their PCs and unwittingly approving a fraudulent transaction.
To carry out the attacks, CamuBot's operators identify businesses that bank with one particular financial institution. They then phone a person at the business who is likely to hold its bank account details.
The attackers then pose as bank staff and direct the victim to a URL to check whether her or his security program is up to date. The status, of course, shows 'not updated', so the attackers tell the victim to install a new security program in order to carry out online banking.
While that installation takes place, CamuBot is silently downloaded and executed on the victim's system.
» SPAMfighter News - 9/12/2018