ESET Flags New Latin American Banking Trojan That Targets Crypto

Major Slovakia-based antivirus software provider ESET has discovered a Latin American banking trojan that can steal crypto
Major Slovakia-based antivirus software provider ESET has discovered a Latin American banking trojan that can steal crypto

Major Slovakia-based antivirus software provider ESET has discovered a banking trojan that can steal cryptocurrencies and is especially widespread in Latin America.

Primary targets

Known as “Casbaneiro” or “Metamorfo,” the newly found malware family targets banks and cryptocurrency services located in Brazil and Mexico, ESET’s editorial arm WeLiveSecurity reports Oct. 3.

According to the report, Casbaneiro uses a social engineering execution method, which displays fake pop-up windows misleading potential victims to enter sensitive information. The capabilities of the malware are typical of Latin American banking trojans that can take screenshots and send them to command and control server, simulate keyboard actions and capture keystrokes as well as restrict access to websites and download and execute other tools, the report notes.

Stealing crypto via clipboard

Alongside banks, one of the major targets of Casbaneiro is cryptocurrency wallets. According to ESET, Casbaneiro is capable of monitoring the content of the clipboard and replacing the crypto wallets victims have copied with addresses belonging to the attacker.

As noted in the report, ESET has become aware of only one attacker’s wallet at the time of publication. Reportedly hardcoded in the binary code, the reported wallet has around 1.2 Bitcoin (BTC), worth $9,812 at press time with a total number of transactions amounting to 71, according to Blockchain.com.

Additionally, the newly discovered malware uses multiple cryptographic algorithms, with each one intending to protect a different type of data, the report says.

On Sept. 26, Amerian Internet infrastructure firm Juniper Networks warned users of a new spyware called Masad Clipper and Stealer, which reportedly uses the Telegram app to replace crypto addresses with its own.