
New TOITOIN Banking Trojan Targeting Latin American Businesses
2023-07-10 12:22

Businesses operating in the Latin American region have been the target of a new Windows-based banking trojan called TOITOIN since May 2023.

"This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.

"These modules are custom designed to carry out malicious activities, such as injecting harmful code into remote processes, circumventing User Account Control via COM Elevation Moniker, and evading detection by Sandboxes through clever techniques like system reboots and parent process checks."

The loader, for its part, decodes a JPG file downloaded alongside the other payloads and launches a further executable, the InjectorDLL module, which reverses a second JPG file to reconstruct what Zscaler calls the ElevateInjectorDLL module.
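Hiding a module as a byte-reversed "image" is a cheap way to defeat signature scans on the download, since neither the MZ header nor the PE signature appears in the file in readable order. The following analyst helper is an added example, not code from the Zscaler report or from TOITOIN itself; it assumes the reversal is a plain byte-order reversal of the whole file (the simplest reading of "reverses", and an assumption here), checks a blob both as-is and reversed, and locates the PE header even when decoy image bytes have been prepended. The sample "JPG" and the minimal PE stub it carves are constructed inside the script.

```python
"""Carve a byte-reversed PE module out of a decoy image file.

Added example for analysis, not the report's or the malware's code.
Assumption: the decoy is the payload written out back to front
(whole-file byte reversal), possibly with image bytes prepended.
"""
import struct
from typing import Optional

MZ = b"MZ"            # DOS header magic
PE_SIG = b"PE\0\0"    # NT header signature pointed to by e_lfanew


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew lands on 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != MZ:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return 0x40 <= e_lfanew <= len(data) - 4 and data[e_lfanew:e_lfanew + 4] == PE_SIG


def find_pe_offset(data: bytes) -> int:
    """Offset of the first plausible PE header inside data, or -1.

    Scanning every 'MZ' occurrence (not just offset 0) copes with decoy
    image bytes sitting in front of the payload."""
    off = data.find(MZ)
    while off != -1:
        if looks_like_pe(data[off:]):
            return off
        off = data.find(MZ, off + 1)
    return -1


def carve_reversed_pe(blob: bytes) -> Optional[bytes]:
    """Return the PE image hidden in blob, or None.

    The blob is tried as-is first, then byte-reversed, which is the
    transformation the report attributes to the InjectorDLL module."""
    for candidate in (blob, blob[::-1]):
        off = find_pe_offset(candidate)
        if off != -1:
            return candidate[off:]
    return None


def make_fake_pe(payload: bytes = b"\xcc" * 16) -> bytes:
    """Constructed test input: just enough MZ/PE header to be recognised.

    This is not a runnable executable, only a header skeleton."""
    e_lfanew = 0x80
    img = bytearray(e_lfanew + 4 + len(payload))
    img[:2] = MZ
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = PE_SIG
    img[e_lfanew + 4:] = payload
    return bytes(img)


def make_decoy(pe: bytes, image_stub: bytes = b"") -> bytes:
    """Constructed decoy 'JPG': optional image bytes, then the PE reversed.

    The real decoy layout is not described in the report; this is an
    assumed layout used only to exercise the carver."""
    return image_stub + pe[::-1]


if __name__ == "__main__":
    pe = make_fake_pe()
    decoy = make_decoy(pe, image_stub=b"\xff\xd8\xff\xe0")  # JPEG SOI + APP0 marker
    print("decoy readable as PE:", looks_like_pe(decoy))    # False
    carved = carve_reversed_pe(decoy)
    print("carved PE recovered:", carved is not None and carved.startswith(pe))
```

On a real sample, point `carve_reversed_pe` at the bytes of the downloaded JPG and hand the result to your usual PE tooling; if it returns None, the transformation is not a plain reversal and the loader's decoding routine needs to be read directly.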

The InjectorDLL component then injects ElevateInjectorDLL into the "Explorer.exe" process. From there, a User Account Control bypass is carried out, if required, to elevate privileges, after which the TOITOIN trojan itself is decrypted and injected into the "Svchost.exe" process.

Once running, the trojan checks for the presence of Topaz Online Fraud Detection, an anti-fraud module integrated into online banking platforms in the LATAM region.


News URL

https://thehackernews.com/2023/07/new-toitoin-banking-trojan-targeting.html