Casbaneiro is a threat to cryptocurrency in Latin America – Yahoo Finance

Posted: October 16, 2019 at 4:50 pm

A new malware that can steal cryptocurrency has been uncovered. Its called Casbaneiro and is a threat for users in Latin America particularly in Brazil and Mexico.

The virus was discovered by ESET, a Slovak software developer specialising in antivirus.

Casbaneiro, also called Metamorfo, is a malware family member belonging to banking Trojans, quite typical to Latin America. The virus targets banks and can also track data from crypto wallets. Its focused on bank and payment services mainly in Mexico and Brazil.

That doesnt mean that the rest of the world is safe, though. The virus is likely to expand to other countries in Latin America and even outside the continent.

According to ESET, Casbaneiro is similar to another malware virus called Amavaldo. It uses the same techniques to trick users and obtain data necessary to access wallets and steal cryptocurrency.

Casbaneiro follows the traditional course of action of all Trojan malware. It convinces the user to share personal data by using a trick. It uses pop-ups and fake communications to obtain sensitive information from end-users.

The strategy behind the attack seeks to urge you to take action, such as confirming your bank account information, verifying your credit, or launching a software update.

Once present on your device, the malware monitors your activity and steals your passwords. Then, it creates fake email addresses and sends the data to the attacker, who will use it to modify transactions.

The attackers then gain access to your activity inside your wallet and then replace your data with theirs. It only takes a few seconds to transfer your funds to their active wallets.

The virus takes a series of complex actions and uses backdoor commands to control your device. It can make screenshots and share them with its servers, remember keystrokes, simulate keyboard and mouse action, and even block your access to your banking site.

One of the most intriguing features of this malware family is its ability to hide the C&C server (the attackers computer from where the commands to your system arrive). As far as the ESET team could find out, the virus has multiple ways to cover its tracks. It either encrypts the domain and stores it in the data section or embeds the encryption in online documents and external websites.

Usually, Casbaneiro arrives on your device through email. However, the specialists from ESET identified other campaigns designed to spread the virus across devices.

One campaign includes a phishing message announcing a software update. End-users receive a link that supposedly allows them to download and install an update of their financial management software. Instead, the victims install Casbaneiro, which immediately starts extracting data from the devices archive while monitoring the users activity.

Another way to get the virus is by using a Re-Loader activator for Windows a cracking tool that allows users to activate Windows and Microsoft Office. In this case, the victim downloads not only the Re-Loader but also the virus. Casbaneiro is executed before the other tool and starts gathering data right away.

Malware families targeting cryptocurrency are dangerous. The blockchain is safe, but the virus can attack other areas where your digital assets dont benefit from the same level of protection.

Casbaneiro, for instance, is very similar to a legitimate application on your device. Youll only notice its presence when cryptocurrency starts to go missing from your wallet. And, as transactions on the blockchain are irreversible, you cant undo them and get your funds back.

Trojans are dangerous because, once in your computer, they get access to almost everything you do. The virus records every password, private key, or other information that you use to make transactions. Then, it sends them to its server, where attackers gain access to your wallet in seconds. Blockchains high-security features cant protect you from this, as they have no impact on how you protect your digital wallet.

Until now, Casbaneiro has been targeting bank applications in Brazil and Mexico, but theres no guarantee the attackers will stop there. In fact, its more likely the virus will spread across Latin America or even further.

Story continues

Prevention is still the most effective way to fight against Trojans. So, never download or install any software from unknown sources (or sources that you dont trust). Moreover, if someone uses email to send a programme, dont open the attachment without checking with the sender.

Another way to protect yourself from Trojans is by keeping all your apps and software up to date. It slows down the virus from taking complete control of your computer.

As you may already know by now, you also need an internet security solution (antivirus) to protect your device. Many have features specially created to block Trojan malware. These are necessary when using your device for financial operations of any kind.

Last but not least, dont let yourself be tricked by the idea that it wont happen to you. Casbaneiro and its cousin Amavaldo arent the only viruses targeting cryptocurrency. Cyberattackers are developing Trojans in all parts of the world, from India to Europe and the US, so it pays to develop good cyber hygiene habits.

The post Casbaneiro is a threat to cryptocurrency in Latin America appeared first on Coin Rivet.

Read the rest here:
Casbaneiro is a threat to cryptocurrency in Latin America - Yahoo Finance

Related Posts