Crypto enthusiasts are once again facing trouble from cybercriminals after ESET, a Slovakia-based antivirus software provider, discovered a new malware. Per the ESET post, the new malware is called Metamorfo or Casbaneiro, and it is present in Latin America.
According to ESET, the primary targets of the Casbaneiro malware are banking users and crypto enthusiasts with cryptocurrency wallets. To launch its attacks, Casbaneiro relies on social engineering to get itself executed.
How the Banking Trojan Launches Its Attack
After execution, the socially engineered Trojan malware displays fake pop-ups that look legit but are after the user’s details. The pop-up prompts the user to key in their info, which is saved and sent to the cybercriminals. However, besides going after the data, Metamorfo malware also comes with additional capabilities.
It can download and install its updates, download and execute other applications and can also restrict access to some websites. Similarly, Metamorfo can capture the user’s keystrokes, keyboard actions, initiate and simulate mouse movements, and also take screenshots of the computer.
The screenshots it takes are sent to a server. In addition to the above, the Metamorfo malware also checks whether the user has banking applications and other specific software installed. It also sends back the computer name, username and OS version in use, and compiles a list of installed antivirus products.
For crypto enthusiasts with crypto wallets, the Metamorfo malware hijacks the clipboard and replaces the wallet address in it to steal cryptocurrency. Although this is not a new technique, the Metamorfo malware has already stolen cryptocurrency from users with this method. The malware also monitors the wallet activity of its target in anticipation of launching attacks later on.
According to ESET, the cybercriminals have been successful in their attacks, and its investigation of one wallet hardcoded in the binary shows that the wallet contains 1.2 Bitcoin. At the current exchange rates, the 1.2 BTC is worth $9,812. According to Blockchain.com, the crypto wallet in question has had only 71 transactions. However, the malware uses multiple cryptographic algorithms to hide its tracks. According to security experts, each algorithm is used to protect a specific string of data.