Casbaneiro is the Hook in Alt-Coin Phishing

The Casbaneiro banking Trojan is going after Latin American victims’ cryptocurrency, Verdict reports. It’s being distributed via phishing emails which trick victims into downloading a malicious ZIP file. In some cases, this ZIP file is made out to be Spotify, OneDrive, or WhatsApp applications.

Once a system is infected, Casbaneiro will look for the presence of Latin American banking applications. If the victim uses one of these applications, the malware will trigger spoofed popup windows to intercept the users’ banking information. The malware also acts as a keylogger and can take screenshots.

Additionally, Casbaneiro monitors the victim’s clipboard for content that looks like a Bitcoin address. If it detects one, it will replace it with an address belonging to the attacker. As a result, the victim will accidentally send their cryptocurrency to the attacker’s address. Verdict noted that one of the addresses used by Casbaneiro has received fifty-two payments in Bitcoin, totaling around $10,200.
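The address swap described above can be caught at paste time by comparing the address the user intended (from an invoice or address book) with the one that arrived in the payment field. The following is an added example, not code from this post or from Verdict's reporting; it assumes legacy Base58Check addresses only (no bech32), and all function names and sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    """Helper used only to construct sample addresses for this example."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_legacy_btc_address(text: str) -> bool:
    """True for a well-formed Base58Check P2PKH (0x00) or P2SH (0x05) address."""
    s = text.strip()
    if len(s) > 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    try:
        raw = n.to_bytes(25, "big")  # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    # Leading '1' characters must map one-to-one to leading zero bytes.
    if len(s) - len(s.lstrip("1")) != len(raw) - len(raw.lstrip(b"\0")):
        return False
    return raw[0] in (0x00, 0x05) and raw[-4:] == _checksum(raw[:-4])

def check_paste(intended: str, pasted: str) -> str:
    """Classify what arrived in the payment field against the intended address."""
    if not is_legacy_btc_address(intended):
        return "not-an-address"
    if pasted.strip() == intended.strip():
        return "ok"
    # A different but checksum-valid address is the swap pattern; anything else is damage.
    return "swapped" if is_legacy_btc_address(pasted) else "corrupted"

# Constructed sample addresses (derived from dummy 20-byte hashes, not real wallets).
INTENDED = b58check_encode(0x00, bytes(range(1, 21)))
OTHER = b58check_encode(0x00, bytes(range(21, 41)))

if __name__ == "__main__":
    print(check_paste(INTENDED, OTHER))
```

A "swapped" result should block the payment and prompt the user to re-verify the address out of band, since a checksum-valid replacement will not be caught by the wallet's own format validation.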

The malware primarily targets Portuguese and Spanish-speaking people, and it’s most active in Brazil and Mexico. It’s also been observed going after targets in Argentina, Peru, Spain, and the United States.

It can be very hard to detect and remove banking malware after it’s already compromised your system, so it’s best to prevent it from gaining access in the first place. New-school security awareness training can help you and your employees identify and thwart phishing emails and other social engineering attacks.

Verdict has the story:

