IBM warns of new ‘Man in the Browser’ campaign that traps victims inside fake bank screens and empties accounts in real time


Tech giant IBM is warning of a new cyberattack campaign that traps bank customers inside fake browser screens while attackers watch their sessions in real time.

A senior threat researcher at IBM Trusteer says the campaign is called OverlordMX, is set for March 2026 and targets financial institutions in Latin America.

IBM says OverlordMX is an automated banking Trojan with a “man-in-the-browser” framework. Unlike many automated banking Trojans, IBM says the malware puts a Spanish-speaking agent at the center of the attack, directly monitoring each victim’s banking session.

The attack begins when the malicious script inserts hidden overlays into the victim’s web browser. IBM says the script tracks the victim’s current URL and browser information every three seconds while also checking for new commands from the attacker.

When the victim reaches a valuable moment, such as a login page, transfer screen, or one-time password prompt, the attacker can activate a fake bank-branded overlay. IBM says the screen cannot be closed by normal means: it has no close button, and attempts to press ESC or click outside the window are blocked.

Overlays can collect names, phone numbers, emails, credentials, one-time passwords, and other sensitive information. IBM says one of the overlays also prompts victims to download Remote Utilities Host, a legitimate remote administration tool that the attacker misuses as a remote access Trojan.

Once installed, IBM says the operator can take control of a victim’s device, navigate the banking session, allow fraudulent transfers, and change account settings. IBM says the stolen funds are transferred to private accounts while the victim is busy at the loading screen.

The company says that the campaign’s delivery method has not yet been conclusively determined.
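The three-second check-in described above gives network defenders a timing signal to hunt for. The following is an added example, not code from IBM or from the original article: it flags client/host pairs in web-proxy records whose request gaps cluster tightly around three seconds. The log layout (timestamp, client, host), the thresholds, and the `.example` host names are assumptions made for illustration.

```python
"""Flag fixed-interval (about 3 s) browser polling in web-proxy records."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

POLL_SECONDS = 3.0   # polling interval reported in the article
TOLERANCE = 0.5      # assumed: allowed drift of the median gap, seconds
MAX_JITTER = 0.4     # assumed: max median absolute deviation of gaps, seconds
MIN_REQUESTS = 8     # assumed: minimum requests per pair before alerting


def find_pollers(lines):
    """Return sorted (client, host) pairs whose request gaps sit near POLL_SECONDS."""
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        # Assumed record layout: "ISO-timestamp client-ip destination-host"
        ts, client, host = line.split()
        seen[(client, host)].append(datetime.fromisoformat(ts))
    hits = []
    for key, stamps in seen.items():
        if len(stamps) < MIN_REQUESTS:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        jitter = median(abs(g - mid) for g in gaps)  # robust spread of the gaps
        if abs(mid - POLL_SECONDS) <= TOLERANCE and jitter <= MAX_JITTER:
            hits.append(key)
    return sorted(hits)


def constructed_sample():
    """Constructed records: one 3 s poller with small drift, one human-paced client."""
    t0 = datetime(2026, 3, 10, 14, 0, 0)
    drift = [0.0, 0.1, -0.1, 0.2, 0.0, -0.2, 0.1, 0.0, 0.1, -0.1]
    poll = [f"{(t0 + timedelta(seconds=3 * i + d)).isoformat()} 10.0.0.5 panel.example"
            for i, d in enumerate(drift)]
    human_offsets = [0, 2, 9, 11, 40, 41, 47, 90, 93, 150]
    human = [f"{(t0 + timedelta(seconds=s)).isoformat()} 10.0.0.7 bank.example"
             for s in human_offsets]
    return poll + human


if __name__ == "__main__":
    for client, host in find_pollers(constructed_sample()):
        print(f"periodic ~{POLL_SECONDS:.0f}s polling: {client} -> {host}")
```

Legitimate pages also poll on fixed timers, so a hit is a lead to correlate with other signals, such as an unexpected Remote Utilities Host install on the same endpoint, rather than a verdict.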
