1. Home
  2. /
  3. IT Security
  4. /
  5. This crafty malware makes...

This crafty malware makes you retype your passwords so it can steal them

Metamorfo banking trojan has expanded its campaign to target online users' banking services.

A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details.

Detailed by cybersecurity researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico.

It marks an escalation in the attacks, which last month appeared to be restricted to compromising banks in Brazil but have now spread to other targets.

 

Like many other hacking campaigns, Metamorfo begins with phishing emails that in this case claim to contain information about an invoice and invite the user to download a .ZIP file. By downloading and running the file, the victim allows Metamorfo to execute and run on a Windows machine.

After installation – and after checking to ensure it isn't running in a virtual environment or sandbox – the malware runs an Autolt script execution program. This scripting language is designed for automating the Windows graphical user interface and other general scripting – but has been used by malware as a means of bypassing antivirus detection.

Once running on the compromised Windows system, Metamorfo terminates any running browsers and then prevents any new browser windows from using auto-complete and auto-suggest in data entry fields.

This prevents the user from using auto-complete functions to enter usernames, passwords and other information, allowing the malware's keylogger functionality to collect the data the users are thus obliged to retype. It then sends that data back to a command-and-control server run by the attackers.

Metamorfo even includes a function that monitors 32 keywords associated with the targeted banks, likely so that the attackers can be alerted in real time as to when a victim is trying to access online services.

Researchers haven't revealed the keywords or the names of the financial institutions being targeted, as it's likely the Metamorfo campaign is still active.

To help protect against falling victim to attacks using the malware, users should be wary of unexpected emails and attachments, while using an antivirus product can also help detect the malware.

Ensuring that operating systems and software are both patched and up-to-date can also go a long way to stopping malware being successful as many attacks use known vulnerabilities that can be patched against.

Source: https://www.zdnet.com/article/this-crafty-malware-makes-you-retype-your-passwords-so-it-can-steal-them/

 

Want to get the best solution for your business?

At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch.

If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.