{"id":4538,"date":"2018-09-12T13:23:42","date_gmt":"2018-09-12T07:53:42","guid":{"rendered":"https:\/\/qadit.com\/blog\/a-new-banking-malware-disguises-as-security-module-steals-your-banking-credentials\/"},"modified":"2018-09-12T13:23:42","modified_gmt":"2018-09-12T07:53:42","slug":"a-new-banking-malware-disguises-as-security-module-steals-your-banking-credentials","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/a-new-banking-malware-disguises-as-security-module-steals-your-banking-credentials\/","title":{"rendered":"A New Banking Malware Disguises as Security Module Steals Your Banking Credentials"},"content":{"rendered":"<p><a href=\"https:\/\/i1.wp.com\/gbhackers.com\/wp-content\/uploads\/2018\/09\/New-Project-2.png?fit=658%2C348&amp;ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i1.wp.com\/gbhackers.com\/wp-content\/uploads\/2018\/09\/New-Project-2.png?resize=658%2C348&amp;ssl=1\" alt=\"Unique Banking Malware\" title=\"Unique Banking Malware\" height=\"348\" width=\"658\" \/><\/a><\/p>\n<p>A new, unique banking malware dubbed CamuBot poses as a security module from the bank to gain victims\u2019 trust and tempt them into installing the malware on their devices.<\/p>\n<p>The threat actors are actively targeting companies and public sector organizations, using a number of social engineering techniques to bypass security controls.<\/p>\n<p>Security researchers from IBM found that the CamuBot malware is more sophisticated and built with new code. 
It differs from common banking trojans and is blended with a number of social engineering techniques for device takeover.<\/p>\n<h2><strong>Unique Banking Malware Targets Business Bank Account Customers<\/strong><\/h2>\n<p>The attack starts with some basic reconnaissance: the attackers call the person who holds the business bank account, identify themselves as bank employees, and ask the victim to navigate to a URL to check that their security module is up to date.<\/p>\n<p>The page is a fake designed to trick the victim, so the check comes up negative and asks them to install a new security module. It also advises the victim to run the security module as an admin user and to close any other running programs.<\/p>\n<p>To gain the user\u2019s trust it shows the bank\u2019s logo, and the modules install onto the victim\u2019s device silently. It also establishes a proxy module and adds itself to the firewall to make it appear trusted.<\/p>\n<p>The executable, the file name and the URL are not static; they change for every installation. Communication is established through a Secure Shell (SSH)-based SOCKS proxy.<\/p>\n<p>Once the installation is complete, it pops up a screen and redirects the victim to a phishing page designed to look like a banking portal. The phishing page asks the victim to input his or her credentials, and the attackers make use of them. Attackers hang up after the account takeover.<\/p>\n<p>According to IBM X-Force researchers, the malware can also be used to install additional drivers for a device on the endpoint; the attackers then ask the victim to enable remote sharing, and if the victim authorizes it, the attackers can intercept one-time passwords. 
With the one-time passwords, the attackers can initiate a fraudulent transaction.<\/p>\n<p>The delivery of CamuBot is personalized. At this time, CamuBot targets business account holders in Brazil and not in any other geographies, X-Force researchers said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new, unique banking malware dubbed CamuBot poses as a security module from the bank to gain victims\u2019 trust and tempt them into installing the malware on their devices. The threat actors are actively targeting companies and public sector organizations, using a number of social engineering techniques to bypass security controls. 
Security researchers &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/a-new-banking-malware-disguises-as-security-module-steals-your-banking-credentials\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A New Banking Malware Disguises as Security Module Steals Your Banking Credentials&#8221;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-4538","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-1bc","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4538"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4538\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4538"}],"wp:term":[{"taxonomy":"cat
egory","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}