— ESET (@ESET) October 3, 2019
Antivirus software provider ESET recently discovered a widely spread banking trojan. The trojan is very sophisticated and not only goes after fiat, but after crypto as well.
It has been nicknamed “Metamorfo” and/or “Casbaneiro”. As its nickname suggests, the banking trojan’s victims are mostly located in Latin America.
The banking trojan is focused mainly in Latin America
According to the available information, Brazil and Mexico are the trojan’s most likely targets. It primarily focuses on crypto and banking services.
ESET’s report goes in a little further in Casbainero’s design. It’s highlighted that the banking trojan is not unique as it uses a well-known method with fake pop-up windows.
The pop-ups don’t beat around the bush and attempt to lure the victims to share any sensitive information. If they are successful, the information is instantly stolen.
Casbainero follows the same steps typical for Latin American banking trojans as it takes screenshots and sends them back to its C&C server. It also simulates mouse and keyboard actions to capture passwords and is able to download and install various updates on itself. Like most other trojans, Casbainero also attempts to restrict access to various websites and downloads and executes many executables.
The information collected by Casbainero is also standard for most trojans:
- All the system’s installed antivirus and anti-malware products
- The OS version
- The username
- The computer’s name
- Special attention if specific applications are installed:Trusteer and Diebold Warsaw GAS Technologia (this app is used to protect online bank access)
There have so far been 4 different variants of this banking trojan. It’s quite difficult, even for the experts in ESET to separate them due to some of the variants using the same decryption key and the same mechanisms in different variants.
Casbainero is also after crypto wallets as it can monitor the content of the clipboard and replace the crypto wallet of the victims with an address which belongs the attacker.
You can also check out:
- Money Printing Hasn’t Stopped: Sleepwalking Towards A New Crisis - Oct 22, 2019
- SIM Swap Victim at Crossroads After Failed Lawsuit Against AT&T - Oct 22, 2019
- Blockchain Voting Still Has to Improve Before Mass Adoption - Oct 21, 2019
- National Currency-Pegged Stablecoins Are an Option for Libra - Oct 21, 2019
- Cointelegraph Ban Enforced in Russia: No Explanationby Roskomnadzor - Oct 18, 2019
Know more than others on any Blockchain Party!
Join more than 5000 others to receive the breaking news and weekly summaries! No ICO spam, we promise.