The malware is back in targeted attacks against Brazilian banking customers, this time using a new technique that involves mobile app authorization.
The CamuBot malware, known for targeting Brazilian bank customers, has returned in a slew of recent offensives. The latest wave of attacks are highly personalized and, unlike previous campaigns, target victims’ mobile banking apps as an extra step to evade detection when making fraudulent transfers.
Researchers said they’ve observed the CamuBot malware being distributed in two highly targeted campaigns over the past six months, including one from August to September, and then another from October to November. Now, the onslaught is continuing into 2020, they said. The victims in these campaigns are small business account holders, in charge of companies’ accounts with large banks in Brazil, researchers said.
“Some observations from the campaigns are that the adversary operating CamuBot handpicks potential victims and remains as targeted as possible, likely to keep the attack’s [tactics, techniques and procedures] TTPs on low profile and their team from attracting the attention of local law enforcement,” said IBM X-Force researchers Chen Nahman and Limor Kessem,
in an analysis this week.
