Brazil’s Banking Trojans Go Global
2020-07-15 16:57

Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common - but the more sophisticated examples are often pioneered in Brazil.

The third family, Melcoz, has been active since 2018. Like other banking trojans, its malware steals passwords from browsers and the computer's memory, but it also includes a module for stealing Bitcoin wallets.

"Generally, the malware uses AutoIt or VBS scripts added into MSI files, which run malicious DLLs using the DLL-Hijack technique, aiming to bypass security solutions," according to the report.

The malware is distributed via compromised websites as well as via spearphishing and, like Guildma and Javali, it hides its C2 communications on legitimate third-party websites.

Dmitry Bestuzhev, head of Kaspersky's GReAT in Latin America, added, "What's more, they are continuously innovating, adding new tricks and techniques to hide their malicious activity and make their attacks more lucrative. We expect these four families to begin attacking more banks in additional countries, and new families to pop up. That's why it's so important for financial institutions to monitor these threats closely and take steps to boost their anti-fraud capabilities."


News URL

https://threatpost.com/brazils-banking-trojans-global/157452/