Camouflaged Trojan CamuBot Targets Brazilian Bankers via Unique Phishing Scheme
[READ: Phishing for Payroll: Nigerian National Convicted for Attempted Stealing of $6M+ via Phishing]
According to security researchers, threat actors search for potential targets such as business owners or employees who have access to online business banking accounts via social media profiles or more traditional means such as a phone directory or search engine lookup. Threat actors will then contact the victims purporting to be bank employees and direct clients into accessing a fake verification website to check if they have the latest version of the bank “security module.” The fake website will display a message stating that the supposed security module needs to be updated while the threat actors guide victims through the process of downloading the banking application-disguised malware.
[READ: Banks in Peru Hit by Phishing Attack Using Bitcoin Advertisements as Lure]
As the malware executes, victims will be instructed to log into their online banking accounts via a fake site that will pop up on their screen, where cybercriminals can gain access to their username and passwords.
The unique malware circumvents online banking authentication processes by installing a driver that will allow the remote sharing of authentication devices associated with
It should be noted that an infection chain with "human" interaction — wherein threat actors directly contact victims to trick them into downloading malware — is highly uncommon.
Defense against Advanced Phishing Tactics
Identifying phishing scams through awareness and proper training can help individuals and organizations avoid these attacks. Employing the right security solutions that combine traditional defenses and advanced technologies such as artificial intelligence (AI) and machine learning (ML) can help tighten defenses against a broad range of cyber threats.
Trend Micro XGen™ security also provides organizations a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints.
It features high-fidelity machine learning to secure the gateway and endpoint data and
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.