Posted On: 09/04/2018 10:00:51 AM
Post# of 82677
StrikeForce protects against keylogging Trojans from stealing your credentials and screen grabbers ......
This malware disguises itself as bank security to raid your account
CamuBot takes advantage of your trust in your bank to hide in plain sight.
By Charlie Osborne for Zero Day | September 4, 2018 -- 10:00 GMT (03:00 PDT) | Topic: Security
Banking malware, including Trojans which steal your online credentials and screen grabbers, usually places heavy emphasis on remaining undetected for as long a period of time as possible.
TrickBot, Emotet, BackSwap and the experimental MysteryBot are only a handful of the countless forms that banking malware can take.
The majority of these malware variants will deploy on victim machines in order to gather information and steal credentials, which will then be sent to a command-and-control (C&C) server controlled by threat actors.
Once data relevant to a financial account is stolen and transferred, this information will be used to plunder bank accounts and conduct identity theft, or will be prepared for sale on the Dark Web.
A new financial malware bucks the trend and rather than employ heavy stealth techniques to stay hidden, instead, camouflages itself as a legitimate bank security system.
Dubbed CamuBot, IBM X-Force researchers said on Tuesday that the financial malware is masquerading as security modules required by target banks for online business banking.
The malware appears to be focusing on Brazilian banks at present. Limor Kessem, Global Executive Security Advisor at IBM Security, says that business banking customers are most at risk of being targeted.
CamuBot first came on the radar in August. The new malware strain was spotted by IBM due to a slew of sophisticated, targeted attacks against companies and public sector organizations which rely on social engineering.
The operators behind the malware begin by performing basic reconnaissance to find businesses which are connected to a bank of interest. A phone call is then made to someone from the business who is likely to know the information required to access a business bank account.
While masquerading as a bank employee, a criminal involved in the scheme then attempts to direct the victim to an online domain in order to 'check the status' of a security module.
Naturally, this 'check' will show the module -- which uses bank logos and a color scheme which makes it appear to be legitimate security software -- needs an update.
The victim is then directed to install a "new" security module, which is, in fact, an installation wizard for the CamuBot Trojan.
A fake Windows application, which features the target bank's logo, will then execute. CamuBot then writes dynamic files to the Windows folder to establish an SSH-based SOCKS proxy module, as well as add itself to the Windows Firewall to appear trusted.
The victim is then redirected to a phishing website where they are asked to log in with their bank credentials. This domain then sends the account information to the threat actors behind CamuBot.
"The proxy module is loaded and establishes port-forwarding," IBM says. "This feature is generally used in a two-way tunneling of application ports from the client's device to the server. In CamuBot's case, the tunnel allows attackers to direct their own traffic through the infected machine and use the victim's IP address when accessing the compromised bank account."
Having patiently run through the infection chain with the victim on the phone, if the credentials are deemed enough, the threat actor then hangs up.
Biometric authentication, which is being used fairly often to protect bank accounts online, can also be compromised.
According to IBM, the malware is able to fetch and install drivers for authentication devices and operators may ask victims to enable remote sharing. This, in turn, allows the cyberattackers to intercept and steal one-time passwords generated for authentication.
The cybersecurity researchers say that the majority of attacks are taking place in Brazil, and while no CamuBot infections have been detected in other countries, this may change in the future.
Last month, cybercriminals highlighted how important it is for financial institutions to maintain good levels of cybersecurity protection. In a bold bank heist, unknown threat actors managed to steal $13.5 million from India's oldest bank, Cosmos.
In a two-stage attack, fraudulent SWIFT transactions were made across multiple countries alongside a wave of debit card transactions across India. Some of the funds were transferred to Hong Kong.
The attack has been connected to Lazarus, a state-sponsored threat group believed to originate in North Korea.


WORDS TO LIVE BY:
Never argue with stupid people, they will drag you down to their level and then beat you with experience.
Get .... PrivacyLok https://cyberidguard.com/
Try SafeVchat: https://cyberidguard.com/
My comments are only my opinion and are not to be used for investment advice.
Please conduct your own due diligence before choosing to buy or sell any stock.