CamuBot malware pretending to be security application to steal business banking credentials: IBM X-Force

By Virendra Soni on September 6, 2018

A new financial malware, pretending to be a security application, is targeting business banking customers in Brazil. Dubbed CamuBot, the malware uses bank logos and brand imaging to appear like a security module required by the banks it targets, according to researchers at IBM X-Force.

CamuBot differs from other banking Trojans, which hide their deployment. It gains the victims' trust so that they install the "security application" without knowing that they are running an installation wizard for a Trojan horse.

According to the findings of IBM X-Force, CamuBot emerged in Brazil in August this year. The operators of this malware use it against companies and public-sector organizations to bypass strong authentication and security controls.

The malware operators find businesses that bank with a certain financial institution. They phone the person likely to hold the business bank account credentials. The attackers identify themselves as bank employees and say the purpose of the call is to check whether the victim's security module is up to date.

The attackers provide a URL where the victim can check the update status, which of course shows a negative result. Then they ask the victim to install a new security module for online banking activities. While the module is downloading, they also advise the person to close all running programs and run the installation with a Windows administrator profile.

In the background, the malware executes on the victim's device, and two files are written to the Windows Program Data folder. This establishes a proxy module on the device and makes CamuBot appear trusted to the firewall rules and antivirus.

After the installation completes, the victim is redirected to a phishing website that looks like the online portal of their bank. The victim is asked for bank login details, and the biggest mistake happens: the banking credentials are unknowingly sent to the attackers.

The attackers disconnect the call if they successfully take over the account.

If the victim uses a strong authentication device that asks for an OTP, the attackers install a driver for that device to enable remote sharing. Since the victim assumes that he is talking to a bank executive, he may authorize the access. The attackers thus intercept the OTPs as well and use them for authentication.

Furthermore, the installed drivers can help the attackers obtain biometric authentication as well.


Researchers believe that the malware operators collect contact information from local phone books, search engines, and social networks to reach the business owner or the person likely to hold the bank account details.

Currently, CamuBot is targeting business bank accounts in Brazil, but researchers say it may reach other geographies as well.
