silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections.
Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank.
The malware goes so far as to include bank logos that look and feel as if they’re part of a real security application. In some cases, the malware can also hijack one-time passwords used for biometric authentication.
In a report by IBM X-Force released Tuesday, researchers said CamuBot was first spotted in August 2018 in a targeted attack against business-class banking customers. The name, CamuBot, was given to the malware because it attempts to camouflage itself as bonafide branded security software.
“The malware’s operators are actively using [CamuBot] to target companies and public-sector organizations, mixing social engineering and malware tactics to bypass strong authentication and security controls,” said Limor Kessem, a global executive security advisor with IBM Security, in a technical breakdown of the attacks posted Tuesday.
Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank.
The malware goes so far as to include bank logos that look and feel as if they’re part of a real security application. In some cases, the malware can also hijack one-time passwords used for biometric authentication.
In a report by IBM X-Force released Tuesday, researchers said CamuBot was first spotted in August 2018 in a targeted attack against business-class banking customers. The name, CamuBot, was given to the malware because it attempts to camouflage itself as bonafide branded security software.
“The malware’s operators are actively using [CamuBot] to target companies and public-sector organizations, mixing social engineering and malware tactics to bypass strong authentication and security controls,” said Limor Kessem, a global executive security advisor with IBM Security, in a technical breakdown of the attacks posted Tuesday.