
CamuBot

Posted: September 12, 2018

CamuBot is a banking Trojan that disguises itself as a security module while giving a remote attacker your bank account's login credentials. Its campaign uses highly targeted methods of tricking victims into installing the threat manually, after which the criminals transfer money out of the account. Brazilian PC users especially should be attentive to any signs of this tactic. After any infection, use anti-malware products to remove CamuBot immediately, and then contact your bank.

Brazilians Banking on the Wrong Security Module

Although Brazil's name appears often in connection with experimental and emerging campaigns against the banking industry and its customers, few of the spyware families at the center of such attacks are as well concealed as CamuBot. CamuBot shares its motive, theft from bank accounts, with the MnuBot RAT, the Metamorfo Banking Trojan, Client Maximus, and 2016's Sphinx. However, unlike all of its competition and predecessors, CamuBot uses a disguise that depends on the victim's unwitting consent, and it maintains its system persistence openly by pretending to be another program.

The threat actors use highly specific tactics: they contact their victims, typically Brazilian company employees with access to the organization's finances, over the phone. Pretending to work at the company's bank, they convince the user to install a fake security module. CamuBot's installation and UI support this disguise instead of hiding the program's presence on the infected PC, as is the norm with most spyware. The user also receives instructions for loading a phishing website, which captures the account's login credentials immediately.

Although CamuBot includes the standard confidential-data exfiltration features that other banking Trojans possess, malware experts also caution that it includes additional features built specifically for defeating the security protocols around your banking transactions. CamuBot enables the remote sharing of hardware-based authorization devices, including those using biometrics (such as fingerprints or voice recognition). However, for now, the victim must consent to the procedure, which the con artist convinces them to do as part of the setup for the 'security module.'

Bolstering the Weakest Part of Your PC's Security: You

The CamuBot campaign is very effective at bypassing various security standards and giving criminals total access to both the PC and the associated bank account. However, the emphasis on manual installation and the accompanying scam does limit its distribution moderately, since each infection requires a threat actor to spend his attention and social skills on handling it. Since malware researchers strongly suspect that the victims' phone numbers come from freely available sources, any company workers with access to the organization's finances should keep their public-facing contact data in mind whenever they're interacting with strangers.

The fake module interface has no bearing on the banking Trojan's real features, and users should assume that infected PCs are also at risk from backdoor attacks. Disable the affected PC's Internet connection before disinfecting it; most anti-malware programs should uninstall CamuBot or even detect it as a threat and stop the install routine. After doing so, contact your bank as soon as possible for further instructions on eliminating any chance of fraudulent cash transfers or reversing ones that have already taken place.

While the PC security industry is always updating its threat databases and defenses, it can't patch a computer's operator. Employees around the world, but especially in Brazil, should keep abreast of current tactics like the CamuBot campaign to protect their company's money.
