Antivirus Firm, ESET, Reveals Cryptojacking Trojan Targeting Cryptocurrency Users
A new type of banking Trojan that may steal your cryptocurrency assets is rampant in the Latin American region. ESET, a Slovakia-based antivirus company, announced on Oct. 2 that a new virus, Casbaneiro, also referred to as Metamorfo, is attacking banking services and personal cryptocurrency wallets. According to a blog post by ESET, the Trojan uses “social engineering methods” whereby fake pop-up windows appear and trick the user into entering personal or sensitive information, which is then used to access financial accounts, both fiat and crypto.
Casbaneiro prevalent in Latin American countries – especially Brazil and Mexico (Image: WeLiveSecurity)
A Hike in Cryptocurrency Adoption
The Latin and South American region is slowly seeing growth in the adoption of Bitcoin as a safe-haven asset against local fiat currencies. As the volumes stored increase, so does the risk of storing them, and these hackers are capitalizing on the opportunity to trick new users into losing their coins.
The current Casbaneiro family attacks the user’s clipboard data, giving the attackers the ability to rewrite it and replace it with their own data. Bitcoin transfers may be hijacked by replacing the public address you copied to the clipboard with an attacker’s address. When you paste and send the Bitcoins, they are sent to the attacker.
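A defensive check for the clipboard swap described above, added here as an example (not code from ESET or from the original article): before sending, compare the pasted destination with the address the user copied, and flag a substitution by a different but valid address. It assumes legacy Base58Check Bitcoin addresses only; the function names and sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, hash160: bytes) -> str:
    """Build a Base58Check address; used here only to construct sample data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # leading 0x00 bytes map to '1'
    return "1" * zeros + out

def is_valid_address(text: str) -> bool:
    """True for a well-formed legacy (P2PKH or P2SH) Bitcoin address."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return False
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    try:
        raw = n.to_bytes(25, "big")  # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    return raw[0] in (0x00, 0x05) and _checksum(raw[:21]) == raw[21:]

def check_paste(copied: str, pasted: str) -> str:
    """Compare what the user copied with what arrived in the destination field."""
    if copied.strip() == pasted.strip():
        return "ok" if is_valid_address(pasted) else "invalid"
    # A different string that still passes the checksum is not a typo or a
    # truncated paste: it is another real address, the signature of a swap.
    return "swapped" if is_valid_address(pasted) else "invalid"

if __name__ == "__main__":
    # Constructed sample addresses (not taken from any real campaign)
    intended = encode_address(0x00, b"\x11" * 20)
    other = encode_address(0x00, b"\x22" * 20)
    print(check_paste(intended, intended))
    print(check_paste(intended, other))
    print(check_paste(intended, intended[:-1]))
```

A wallet or payment form would call `check_paste` with the address captured at copy time and the value in the destination field, and block the send on anything other than `ok`.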
Close to the Amavaldo Virus Family
According to the blog post published on We Live Security, the Casbaneiro virus works similarly to the Amavaldo virus family. The report states,
“Both pieces of malware use the same, uncommon cryptographic algorithm in the injector component, they have used a very similar PowerShell script in one of their campaigns and they have been seen distributing a very similar email tool.”
Beware of Crypto Stealing Malware
In September, BEG reported a new case of Linux malware that mined crypto on users’ computers without their knowledge. Discovered by TrendMicro, the “very complex malware” attacks users by using a secret master password and masking its mining activities with fake network traffic.