Casbaneiro: How Cyber Criminals “Collect” Crypto

Cybercriminal activity has been on the rise over the last decade. After the CryptoLocker ransomware incidents, a new trojan, Casbaneiro, made its appearance.

Casbaneiro, also known as Metamorfo, is a typical Latin American banking trojan that is mostly used in Brazil and Mexico, as shown in the picture below.

The trojan, by using advanced social engineering methods, displays fake pop-up windows. These pop-ups try to deceive the potential victims into entering sensitive information.

Countries affected by Casbaneiro

What Are the Trojan’s Capabilities?

The backdoor capabilities of this malware are typical of Latin American banking trojans. It can take screenshots and send them to its C&C server, simulate mouse and keyboard actions and capture keystrokes.

It can also download and install updates to itself, restrict access to various websites, and download and execute other executables.

Casbaneiro also collects several pieces of information about its victims. This information includes the list of installed antivirus products, the OS version, usernames and computer names.

Casbaneiro also uses several cryptographic algorithms. They cover command encryption, string encryption, payload encryption and remote configuration data encryption. Each of these is used to protect a different type of data.

The products the malware can potentially infect are Diebold Warsaw GAS Tecnologia (an application to protect access to online banking), Trusteer and several Latin American banking applications.

How Does Casbaneiro Affect Crypto Wallets?

Casbaneiro can also try to steal the victim’s cryptocurrency. It does so by monitoring the contents of the clipboard: if the data seems to be a cryptocurrency wallet, the trojan replaces it with the attacker’s own information.

Furthermore, researchers have found one of the attacker’s wallet addresses, which was hardcoded in the binary.

Details of the attacker’s bitcoin wallet

To Protect Your Crypto From Cyber Criminals

Keeping your antivirus up to date and using malware scanning programs like Malwarebytes is essential. Also, double-check the sending address before any crypto transaction.

And always be careful where you click. Not everything on the internet is as it seems.

