IBM issues warning about ‘well-disguised’ banking malware that drains login credentials


Banking malware that is “well camouflaged” and “almost invisible” to cyber threat detection systems is on the loose in Latin America, according to technology giant IBM.

Senior Threat Researcher Isaac Cimino says IBM has uncovered a banking Trojan, known as UnregStealer, that targets Latin American banks while masquerading as a Chrome extension. According to Cimino, UnregStealer persuades users to install it by posing as a mandatory SSL certificate update.

“Based on the executable’s naming convention and delivery pattern, victims will likely be presented with what appears to be a security warning informing them that their browser requires a mandatory SSL certificate update…

…the certificate is completely fabricated, and there is no such requirement for the browser. It is simply a disguised cover story to get the victim to run an executable file.”

When a user browses the Internet, the malware runs a script that checks whether the victim is visiting one of the websites on its list of targeted banking portals, IBM says. If so, the malware steals the session cookies of the banking site the victim is visiting. Each time the victim clicks into a form field and enters information, the malware captures sensitive data such as passwords, one-time passwords and account numbers. Once that information has been captured, UnregStealer’s next course of action is decided by a human operator.

“This Trojan includes a real trigger, which monitors each live victim session and manually pulls the trigger. This difference makes the campaign almost invisible to sandboxes and behavioral detection systems that never see the payload activated.”
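Because the payload is activated by a human operator rather than on a timer, a sandbox may never see the session hijack happen. A capability an extension declares, however, is visible without any activation: the manifest must request cookie access, visibility into navigation, and script injection into pages before it can do what IBM describes. The following audit script is an added example written for this article, not IBM’s tooling or any code from the UnregStealer campaign. The permission and match-pattern names are real Chrome extension manifest keys; the risk scoring and the two sample manifests are constructed for illustration and are assumptions, not indicators from the report.

```python
import json
import os

# Chrome extension permissions that together give an extension the capabilities
# the article describes: reading session cookies, observing which sites the user
# visits, and injecting script into pages to capture what is typed into forms.
# These are real manifest permission names; the grouping and scoring below are a
# constructed heuristic for this example, not a published detection rule.
COOKIE_ACCESS = {"cookies"}
NAVIGATION_VISIBILITY = {"webRequest", "webNavigation", "tabs"}
SCRIPT_INJECTION = {"scripting"}
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _host_patterns(manifest):
    """Collect every host match pattern the manifest declares (MV2 and MV3 layouts)."""
    patterns = set()
    # MV2 puts host patterns inside "permissions"; MV3 uses "host_permissions".
    patterns.update(p for p in manifest.get("permissions", [])
                    if "://" in p or p == "<all_urls>")
    patterns.update(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def assess_manifest(manifest):
    """Return a dict describing which session-theft capabilities the manifest requests."""
    perms = set(manifest.get("permissions", []))
    hosts = _host_patterns(manifest)
    findings = []
    if perms & COOKIE_ACCESS:
        findings.append("can read cookies (session tokens) for matching hosts")
    if perms & NAVIGATION_VISIBILITY:
        findings.append("can observe which sites the user visits")
    if manifest.get("content_scripts") or perms & SCRIPT_INJECTION:
        findings.append("can inject script into pages (form-field capture)")
    if hosts & BROAD_HOST_PATTERNS:
        findings.append("host access is unrestricted (<all_urls> or wildcard)")
    score = len(findings)
    verdict = "high" if score >= 3 else "medium" if score == 2 else "low"
    return {"name": manifest.get("name", "<unnamed>"), "score": score,
            "verdict": verdict, "findings": findings}


def audit_unpacked_extensions(root):
    """Walk a directory of unpacked extensions and assess every manifest.json found."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" in files:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8") as fh:
                results.append(assess_manifest(json.load(fh)))
    return results


# Constructed sample: a manifest shaped like the "certificate update" lure,
# requesting every capability needed for cookie theft and form capture.
SUSPICIOUS_MANIFEST = {
    "name": "Browser SSL Certificate Update (constructed sample)",
    "manifest_version": 3,
    "permissions": ["cookies", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["capture.js"]}],
}

# Constructed sample: a benign extension that only keeps local settings.
BENIGN_MANIFEST = {
    "name": "Reading Mode Toggle (constructed sample)",
    "manifest_version": 3,
    "permissions": ["storage"],
}


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = assess_manifest(manifest)
        print(f"{report['name']}: {report['verdict']} ({report['score']} findings)")
        for finding in report["findings"]:
            print("  -", finding)
```

Running the script on an unpacked extension directory (for example with `audit_unpacked_extensions("/path/to/profile/Extensions")`) flags the combination rather than any single permission, since password managers and ad blockers legitimately request some of these individually; a high score is a prompt for review, not a verdict by itself.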

According to Cimino, the UnregStealer banking malware has the potential to pose a greater threat.

“The infrastructure patterns observed suggest the presence of an operator with the ability and incentive to expand targeting beyond what this investigation has confirmed.”
