Metamorfo Returns with Keylogger Trick to Target Financial Firms

2020-02-06 18:16

Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies.

Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords - which it then tracks via a keylogger.

Researchers said these dual functionalities enable the malware to track victims' passwords as they manually write them out - enabling the malware operators to keep tabs on passwords even if they're changed.

Beyond this technique, the malware's arsenal of capabilities are similar to older variants: It collects information such as the OS version, computer name, installed antivirus software and more from the victim's systems, and also creates tasks to monitor Bitcoin wallet addresses on the system clipboard, and to detect whether or not the victim is accessing a financial institution website.

The Metamorfo news comes on the heels of the return of the CamuBot malware, also known for targeting Brazilian bank customers.

News URL

https://threatpost.com/metamorfo-variant-keylogger-financial/152640/

#financial #keylogger