CamuBot Resurfaces With Cross-Channel, Targeted Attacks in Brazil

The malware discussed in this blog saw input from X-Force researchers Andre Piva and Ofir Ozer. It was initially described in a blog post by X-Force’s Maor Wiesen and Limor Kessem.


The IBM Trusteer cybercrime research labs specialize in the detection and counteraction of the crimeware and attacks operated by organized cybercrime gangs. In one of our recent analyses, we encountered a new campaign of malware that we previously discovered and named “CamuBot.”


CamuBot first emerged in August 2018 in Brazil. During that time, its operators targeted business accounts of some of the major banks in Brazil. The adversary behind the malware used a combination of malware and social engineering tactics to bypass the victimized organizations’ strong authentication challenges. These tactics are familiar from other parts of the globe where Trojans are used in high-stakes bank fraud that relies on complex social engineering to defraud victims. After that initial campaign in 2018, CamuBot went dormant for an entire year.


CamuBot activity resurfaced exactly one year after we made the initial discovery of this malware. What strikes us as interesting about the attacks is their Brazil-centric tactics, a very targeted attack strategy, and the fact that the attackers’ TTPs cross different channels to eventually take over business accounts.


Unlike most malware we encounter in the Brazilian financial threat arena, CamuBot uses a unique code base. It also stands out in its operators’ brazen way of interacting with potential victims, and instead of concealing the malware, it poses as a security a ..
