A trojan is spreading widely in Latin America, aimed at stealing online-banking credentials and emptying crypto wallets. It is designed so that the victim sends the cryptocurrency to the scammers' wallets.
According to the ESET WeLiveSecurity blog, a new malware family known as Casbaneiro or Metamorfo relies on social engineering: it displays fake pop-ups on the screen that mislead potential victims and push them to enter confidential information. The malware's capabilities are typical of banking trojans: it can take screenshots and send them to a remote server, simulate keyboard actions and log keystrokes, restrict access to websites, and download and run other tools, the report says.
Along with banking information, cryptocurrency wallets are one of Casbaneiro's main targets. According to ESET, Casbaneiro can monitor the contents of the clipboard and replace copied wallet addresses with addresses belonging to the attacker. This, incidentally, is also a very common scheme.
As noted in the report, at the time of publication ESET had become aware of one of the attacker's wallets. That wallet had received about 1.2 BTC, worth $9,812 at the current rate, and the total number of transactions on the wallet is 71. Characteristically, all newly received BTC is quickly transferred to other addresses.
In addition, the recently discovered malware uses several cryptographic algorithms, each of which is able to encrypt data of various types, the report says.