Global leader in cybersecurity ESET discovers new type of banking trojans stealing cryptocurrency

19:15, 03 October 2019

"ESET, a global leader in cybersecurity, announces its research team has found a new banking trojan belonging to the Casbaneiro family, which, once it has infiltrated a victim's device, utilizes backdoor commands to take screenshots, as well as log keystrokes," the company's press service told UNIAN.

Additionally, Casbaneiro is used to steal cryptocurrency via a technique that monitors clipboard content for cryptocurrency wallet data. If such data is found, the malware replaces the data with the attacker's own cryptocurrency wallet.

The company says that Casbaneiro is similar to the earlier identified Amavaldo malware family.

"The trojans use similar methods and also make use of social engineering to fool victims, mimicking the use of fake pop-up windows and forms. These attacks are usually centered on persuading the victim to take purportedly urgent or necessary action, such as installing a software update, or verifying a credit card or bank account information. Casbaneiro's initial vector is a malicious email, which is the same method used by Amavaldo," the press service explained.

According to the press service, one of the most interesting aspects of Casbaneiro is the operators' efforts to hide the command and control (C&C) server domain and port. The C&C server has been hidden in a variety of places, including in fake DNS entries, embedded in online documents stored on Google Docs, or embedded in fake websites that mimic legitimate institutions. In some cases, the C&C server domains have been encrypted and hidden in legitimate websites, most notably in the descriptions of several videos stored on YouTube.

The press service added that, although the victims of this trojan were mainly Latin American users, its further spread cannot be ruled out.

"ESET experts recommend that users follow basic security rules when entering personal data to make online payments, and use reliable software to protect their devices," ESET said.

As UNIAN reported, international IT companies in the second half of September 2019 warned Ukrainians about the need to take precautions in connection with widespread cell phone spying through special SMS messages, which, when opened, provide hackers with access to users' personal data without the latter knowing it.

According to ESET, about 300,000 new cyber threats related to information security are recorded in Ukraine every day. At the same time, it is extremely difficult to trace hackers; all that remains for companies is to conduct monitoring every minute to identify cyber threats in order to further block them.
