Researchers at cybersecurity company ESET have discovered a new trojan targeting cryptocurrency banks and services in Latin America, notably Brazil and Mexico. Called "Casbaneiro", the threat will be legitimate financial applications to steal the victim's confidential bank information or cryptocurrency if the user has it. According to the company, more than 20 banks in Brazil and seven in Mexico have had malware victims. Sites like YouTube have also been used as a scam broadcast channel, according to last Thursday's report (3).
READ: New scam steals Brazilians bank data
Casbaneiro is usually spread from malicious emails. In general, the messages convince the user to install legitimate financial software that actually hides the banking trojan. Another common tactic employed by cybercriminals to embed malware into the source code of legitimate websites. As noted by the researchers, Casbaneiro took advantage of YouTube to store its command and control (C&C) server domains. The addresses were found on fake football channel links and cooking recipes.
Casbaneiro bank Trojan mainly attacks banks in Brazil and Mexico Photo: Divulgao / ESET
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
After being installed on the victim's device, Casbaneiro executes backdoor to capture prints screen access, restrict access to official bank websites, simulate keyboard actions, and install programs on their own. In addition, malware can steal cryptocurrencies from the infected user or institution by exchanging data for information from criminals.
Among Casbaneiro's capabilities is also the collection of information such as user and computer name, operating system version and list of antivirus installed on the machine. The trojan is capable of detecting the Latin American banking applications available on the device and programs to protect access to these services.
Casbaneiro Malware hides in fake YouTube links Photo: Divulgao / ESET
To protect yourself from Casbaneiro or any other malware, it is important to avoid opening attachments or links included in emails from stores or banks. Also, I need to check if the source address is the sender, since most of these threats are broadcast from emails with phishing tactics. Another valid recommendation is to keep the device antivirus always up to date.
Strange behavior when creating, renaming or deleting folders in Windows 10; what to do? Ask questions on the dnetc forum.
What ransomware: five tips to protect yourself
