A banking malware that is “well-camouflaged” and “nearly invisible” to cyber threat detection systems is on the loose in Latin America, according to tech giant IBM.
Senior threat researcher Itzhak Chimino says IBM uncovered a banking trojan known as UnregStealer that is targeting Latin American banks while posing as a Chrome browser extension. According to Chimino, UnregStealer deceives users into installing it by tricking them into updating their Secure Sockets Layer (SSL) certificate.
“Based on the executable naming convention and delivery pattern, victims are most likely presented with what appears to be a security warning informing them that their browser requires a mandatory SSL certificate update…
…The “certificate” is entirely fabricated, and no such browser requirement exists. It is simply a convincing cover story to get the victim to run an executable.”
When a user is browsing the internet, the malware runs a script that checks whether the victim is visiting one of the websites listed among the targeted banking portals, says IBM. If so, the malware then steals session cookies for the banking website the victim is visiting. Each time a field is clicked and information is entered, the malware captures privileged information such as passwords, one-time passwords and account numbers. Once the information is captured, UnregStealer’s next course of action is determined by its human operator.
“This trojan involves a real operator, who watches each victim session live and pulls the trigger manually. This variation makes the campaign nearly invisible to sandboxes and behavioral detection systems that never see the payload activate.”
According to Chimino, the UnregStealer banking malware has the capacity and potential to pose a bigger threat.
“The infrastructure patterns observed suggest an operator with the capability and motivation to expand targeting beyond what this investigation has confirmed.”
Follow us on X @InvCryptoDaily
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
___________________
Images May Be Sourced From Pixabay, Creative Commons & Midjourney
This post IBM Issues Warning on ‘Well-Camouflaged’ Bank Malware That’s Draining Login Credentials may be modified as updates unfold.
Please note, this site provides content for entertainment purposes only and does not offer financial advice. Read more here
