Numando: a Banking Trojan Targeting Brazil Abuses YouTube for Spreading

 

ESET researchers have continued their investigation of Latin American banking trojans, this time dissecting Numando, which primarily targets Brazil and only seldom Mexico and Spain. Numando is comparable to the other malware families in its use of fake overlay windows, backdoor capability, and the abuse of services such as YouTube to maintain its remote configuration. However, Numando doesn't show signs of continual evolution, as several of the other Latin American banking trojans do.

Numando has been operational since 2018, focusing on Brazil, although specialists have reported rare attacks against consumers in Mexico and Spain. This financial malware, which is written in Delphi, shows fake overlay windows to mislead victims into entering sensitive data, including banking service information. It spreads exclusively via spam and phishing campaigns. These campaigns aren't particularly sophisticated, and just a few hundred victims were found at the time of writing. As a consequence, it seems Numando is "considerably less successful" than others, such as Mekotio and Grandoreiro, across Latin America. The operator's lack of sophistication has probably contributed to the low infection rate. Recent Numando campaigns consist of spam: an email with a phishing message and a .ZIP attachment.

“Some Numando variants store these images in an encrypted ZIP archive inside their .rsrc sections, while others utilize a separate Delphi DLL just for this storage. Backdoor capabilities allow Numando to simulate mouse and keyboard actions, restart and shut down the machine, display overlay windows, take screenshots and kill browser processes.” reads the analysis published by ESET. “Unlike other Latin American banking trojans, however, the commands are defined as numbers rather than strings, which inspired our naming of this malwar ..
