Camouflaged Trojan CamuBot Targets Brazilian Bankers via Unique Phishing Scheme

CamuBot (detected by Trend Micro as TrojanSpy.Win32.CAMUBOT.A) is a recently discovered banking Trojan that targets business-class bank users in Brazil using a blend of phishing and malware techniques. This targeted financial Trojan flies under a victim’s radar disguised as a bank’s security module, bearing its official logos and branding, to lure victims into installing the malware using a Windows administrator profile.


According to security researchers, threat actors search for potential targets, such as business owners or employees who have access to online business banking accounts, via social media profiles or more traditional means such as a phone directory or search engine lookup. The threat actors then contact the victims, purporting to be bank employees, and direct them to a fake verification website to check if they have the latest version of the bank “security module.” The fake website displays a message stating that the supposed security module needs to be updated, while the threat actors guide victims through the process of downloading the malware disguised as a banking application.


As the malware executes, victims are instructed to log into their online banking accounts via a fake site that pops up on their screen, where cybercriminals can gain access to their usernames and passwords.


The unique malware circumvents online banking authentication processes by installing a driver that allows the remote sharing of authentication devices associated with the victim’s computer. Once the threat actors trick victims into giving them remote access to authentication devices, they can hijack one-time bank-generated passwords and gain access to the victims’ online banking accounts to steal money.

It should be noted that an infection chain with "human" interaction, wherein threat actors directly contact victims to trick them into downloading malware, is highly uncommon.

Defense against Advanced Phishing Tactics

Identifying phishing scams through awareness and proper training can help individuals and organizations avoid these attacks. Employing the right security solutions that combine traditional defenses and advanced technologies such as artificial intelligence (AI) and machine learning (ML) can help tighten defenses against a broad range of cyber threats.

Trend Micro XGen™ security also provides organizations a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints.

It features high-fidelity machine learning to secure the gateway and endpoint data and applications, and protects physical, virtual, and cloud workloads. With capabilities like web/URL filtering, behavioral analysis, and custom sandboxing, XGen protects against today’s purpose-built threats that bypass traditional controls, exploit known, unknown, or undisclosed vulnerabilities, and either steal or encrypt personally identifiable data. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.

