Casa » Noticias » Casbaneiro troyano bancario utiliza YouTube para robar criptomoneda

Casbaneiro troyano bancario utiliza YouTube para robar criptomoneda

Eset estudió la nueva familia de troyanos bancarios Casbaneiro. Un programa malicioso cazado por criptomoneda de los usuarios de Brasil y México y se utiliza YouTube para ocultar los rastros en las descripciones de video.

reuring the study, expertos Eset encontrado que Casbaneiro tiene una funcionalidad similar a otra familia de troyanos bancarios – Un mavaldo. Malicious programs use the same cryptographic algorithm and distribute a similar malicious email utility.

Like Amavaldo, the Casbaneiro Trojan uses pop-ups and forms to trick victims. Such methods of social engineering are aimed at primary emotionsa person is urgently, without hesitation forced to make a decision. The reason may be a software update, credit card verification, or a request from a bank.

“One method observed is having the C2 address embedded in an online document (Google Docs). The file is filled with useless text but also contains the name of the domain in encrypted form. The start and the end of the string are marked by an exclamation point and it is encoded in hexadecimal”, - informe ESET researchers.

después de la infección, Casbaneiro restricts access to various banking sites, as well as monitors keystrokes and takes screenshots. Adicionalmente, the Trojan monitors the clipboardif the malware sees the personal data of a cryptocurrency wallet, it replaces the recipient’s address with the scammer’s wallet.

The Casbaneiro family uses many sophisticated algorithms to mask code, decrypt downloaded components, and configuration data. The main way Casbaniero is distributed is through malicious phishing emails, like Amavaldo.

leer también: espías de Troya varenyky en los usuarios los sitios de pornografía

A feature of the Trojan was that Casbaneiro operators carefully tried to hide the domain and port of the C&servidor de C. He was hidden in a variety of placesin fake DNS records, en Google Docs online documents, and even on fake websites of various institutions. It is interesting that sometimes attackers managed to hide the traces of the managing server on official sites, as well as in video descriptions on YouTube.

LEER  Vulnerabilidades en MMC permiten tomar el control del sistema

Connecting to YouTube is no cause for concern because it is normal traffic. Even taking a look at the video gives no clue and the link at the end of the description is easily missed, the researchers say.

Although the malware is not sophiticated, its capabilities are extensive enough to generate multiple revenue streams for its operators or to enable them to switch to different money-driven attacks.

[Total:0    Promedio:0/5]

Acerca de Trojan Killer

Trojan Killer llevar portátil en su dispositivo de memoria. Asegúrese de que usted es capaz de ayudar a su PC resistir cualquier amenaza cibernética donde quiera que vaya.

también puedes ver

Cómo quitar el virus Uihost32.exe CPU Miner

Un completamente nuevo, extremadamente peligrosos virus de la minera criptomoneda ha sido detectado por los investigadores de seguridad y protección. …

Piratería torneo de Tokio Pwn2Own

Los participantes del torneo de la piratería Pwn2Own Tokio 2019 hackeado Galaxy Samsung S10, Xiaomi MI9, Amazon Eco y no sólo

El torneo piratería Pwn2Own Tokio 2019, Tradicionalmente, celebrada en el marco de la conferencia y PacSec …

Deja una respuesta