Monday, January 27, 2025
Follow us On Linkedin
HomeComputer SecurityA New Banking Malware Disguises as Security Module Steals Your Banking Credentials

A New Banking Malware Disguises as Security Module Steals Your Banking Credentials

Computer SecurityMalware

Published on

By Gurubaran
A New Banking Malware Disguises as Security Module Steals Your Banking Credentials

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

A new unique banking malware dubbed CamuBot poses itself like a security module from the bank to gain victim’s trust and tempt them into installing the malware on their device.

The threat actor’s actively targeting the companies and public sector organizations using a number of social engineering techniques to bypass the security controls.

Security researchers from IBM spotted the CamuBot malware is more sophisticated and designed with a new code. It is different from the common banking trojans and it is blended with a number of social engineering techniques for device take over.

Unique Banking Malware Targets Business Bank Account Customers

The attack start’s with some basic reconnaissance, they use to call the person who is holding the Business Bank Account and identify them as the bank employee and ask the victim’s to navigate to the URL to ensure their security module is up to date.

It is a fake page to trick the victim’s so it comes up as negative and ask’s them to install a new security module. Also, it advises the victim’s to run the security module as an admin user and to close any other running programs.

To gain user’s trust it shows the banking logo and the modules install into the victim’s device silently. It also establishes a proxy module and add’s itself into the firewall to make it appear trusted.

The executable, name of the file and the URL are not a static one, they continue to change for every installation. Communication established through Secure Shell (SSH)-based SOCKS proxy.

Once the installation completed it pop-up a screen and redirects victim’s to a phishing page that designed like a banking portal. The phishing page asks victim’s to input his or her credentials and attackers make use of it. Attackers hang up after the account takeover.

According to IBM X-Force researchers, if there is any endpoint the malware is used to install additional drivers for the device, then attackers ask to enable remote sharing if the victim authorizes then it enables attackers to intercept to intercept one-time passwords. By having the one-time passwords the attackers can initiate a fraudulent transaction.

The delivery of CamuBot is personalized, at this time, CamuBot targets business account holders in Brazil and not in any other geographies said X-Force researchers.

Also Read

Dangerous Android Malware that Steals Banking Credentials, Call Forwarding, Keylogging, and Ransomware Activities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

60,000 Android Devices are Infected with Malicious Battery Saver App that Steals Various Sensitive Data

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

White House Considers Oracle-Led Takeover of TikTok with U.S. Investors

In a significant development, the Trump administration is reportedly formulating a plan to prevent...
cyber security

Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft

IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory...
Apache

Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through...
cyber security

GitHub Vulnerability Exposes User Credentials via Malicious Repositories

A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

cyber security

Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices

A recent cybersecurity attack involving a Trojanized version of the XWorm Remote Access Trojan...
cyber security

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...
ChatGPT

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved