CamuBot, a new financial malware, attacks banking clients in Brazil
Researchers at IBM X-Force have discovered a new malware for now attacks Brazilian banks, through clients who perform operations through commercial banking. In August 2018 the first attacks were detected.
This malware called CamuBot is able to camouflage itself to go unnoticed as legitimate banking security software, has the ability to circumvent biometric authentication by posing as a bank employee, direct the victim to a specific domain and have him install a new security module that contains the aforementioned malware. The malicious code supplants the security modules required by financial institutions to operate within the online banking, is able to search and install drivers for authentication devices and enable remote sharing. This allows attackers to intercept and steal single-use passwords generated for authentication.
References:
- 04/09/2018 threatpost.com ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass
- 12/09/2018 spamfighter.com Fresh Financial Malware, CamuBot Strikes against Banking Clients in Brazil
- 04/09/2018 securityintelligence CamuBot: New Financial Malware Targets Brazilian Banking Customers
- 08/09/2018 techcrunch.com Nuevo malware bancario CamuBot pasa desapercibido camuflándose como software de seguridad
- 05/09/2018 cso.computerworld.es El 'malware' bancario CamuBot elude la autenticación biométrica