The Casbaneiro banking Trojan is going after Latin American victims’ cryptocurrency, Verdict reports. It’s being distributed via phishing emails which trick victims into downloading a malicious ZIP file. In some cases, this ZIP file is made out to be Spotify, OneDrive, or WhatsApp applications.
Once a system is infected, Casbaneiro will look for the presence of Latin American banking applications. If the victim uses one of these applications, the malware will trigger spoofed popup windows to intercept the victim’s banking information. The malware also acts as a keylogger and can take screenshots.
Additionally, Casbaneiro monitors the victim’s clipboard for content that looks like a Bitcoin address. If it detects one, it will replace it with an address belonging to the attacker. As a result, the victim will accidentally send their cryptocurrency to the attacker’s address. Verdict noted that one of the addresses used by Casbaneiro has received fifty-two payments in Bitcoin, totaling around $10,200.
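The clipboard swap described above leaves a recognizable trace: one address-shaped value replaced by a different one almost immediately. The following is an added defender-side example, not code from Verdict's report or the malware itself; the function names, the two-second threshold, and the sample clipboard history are all assumptions constructed for illustration.

```python
import re

# Format-only patterns: legacy Base58 (1.../3...) and bech32 (bc1...) addresses.
# No checksum validation; the page describes matching on what "looks like" an address.
BTC_ADDR = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"
)


def looks_like_btc_address(text):
    """True if the whole clipboard value has the shape of a Bitcoin address."""
    return bool(BTC_ADDR.match(text.strip()))


def find_address_swaps(events, max_gap_seconds=2.0):
    """Return (timestamp, old, new) for each suspicious address replacement.

    events: chronological (timestamp_seconds, clipboard_text) pairs.
    Assumption: a different address appearing within max_gap_seconds of the
    previous one was not copied by a human.
    """
    swaps = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        prev, cur = prev.strip(), cur.strip()
        if (looks_like_btc_address(prev) and looks_like_btc_address(cur)
                and prev != cur and t_cur - t_prev <= max_gap_seconds):
            swaps.append((t_cur, prev, cur))
    return swaps


# Constructed sample data: placeholder strings with address shape only.
COPIED = "1" + "A" * 33
SWAPPED = "1" + "B" * 33
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, COPIED),      # user copies a payment address
    (10.3, SWAPPED),     # replaced 0.3 s later: flagged
    (60.0, "hello"),
    (120.0, COPIED),
    (300.0, SWAPPED),    # three minutes later: plausibly a deliberate copy
]

if __name__ == "__main__":
    for ts, old, new in find_address_swaps(SAMPLE_EVENTS):
        print(f"{ts:.1f}s: clipboard address changed {old} -> {new}")
```

The same comparison works at paste time: checking the pasted address against the one shown at the source before confirming a transfer catches the swap even without clipboard logging.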
The malware primarily targets Portuguese- and Spanish-speaking people, and it’s most active in Brazil and Mexico. It’s also been observed going after targets in Argentina, Peru, Spain, and the United States.
It can be very hard to detect and remove banking malware after it’s already compromised your system, so it’s best to prevent it from gaining access in the first place. New-school security awareness training can help you and your employees identify and thwart phishing emails and other social engineering attacks.
Verdict has the story: https://www.verdict.co.uk/casbaneiro-malware/