New Trojan horse targets banks in Brazil, Mexico and Spain

A new family of Latin American malware targets banking institutions in Brazil, Mexico and Spain. Numando can remotely control the user's computer, allowing an attacker to perform operations on it, and can display fake fields on the screen that prompt the victim to hand over credentials and other personal data that enable fraud.


The warning about a threat with “many possibilities” comes from the security experts at ESET, who revealed some of the options available to the malware's operators. The criminals use legitimate websites, such as YouTube videos or code posts on Pastebin, to host the commands that Numando retrieves, so that different actions can be triggered according to the need of the moment.

Phishing pages and emails serve as the initial vector, delivering a ZIP file that installs the trojan; cases were also found in which the malicious payload was delivered through images in BMP format. Then, according to the commands received, Numando can control the mouse and keyboard directly, perform actions on the computer or remain stealthy, displaying overlays that prevent the victim's access to legitimate websites, taking screenshots of certain domains, terminating processes related to security software and capturing credentials, which can be used for improper manipulation of accounts and financial services.


“It’s like a thief broke into a house, installed hidden cameras, tapped the phones and even made a hidden passage”, explains Luli Rosenberg, ethical hacker and professor at CySource, a cybersecurity research and reference center. He also points out that the data and information obtained can be used beyond bank fraud, in cases of extortion, blackmail or access to confidential systems of large companies.

Example of video posted on YouTube, with which Numando connected to receive commands and remotely control infected computers (Image: Playback/ESET)

Despite its international presence, Numando’s main focus is Brazil, with ESET describing campaigns aimed at Spanish-speaking countries as rare. On the other hand, the malware still seems to be in its early stages. The security company’s warning was accompanied by reports about the videos and pages used to control the trojan, which were taken down by the services. Nothing prevents new ones from appearing, of course, to send orders to new instances of the trojan.

Basic tips

Although Numando operates in a more sophisticated way, normal digital security hygiene can prevent infection. Because it usually arrives via phishing emails, the ideal is that users do not click on links that arrive by email or instant messenger, and that they always evaluate the sender and, if necessary, the veracity of the information.

Rosenberg also cites user awareness as a way to avoid attacks, with initiatives that explain the danger and help users tell fraudulent messages from real ones. The professor also mentions work alongside the platforms, which can maintain scanning systems that automatically take down publications used for control, thus breaking one of the essential legs on which malicious campaigns operate.

Source: ESET
