Casbaneiro Banking Malware Updated With New Stealth Features
The group responsible for the Casbaneiro banking malware has evolved its tactics to avoid detection and gain complete administrative control over infected machines. This financially motivated threat actor has implemented a User Account Control (UAC) bypass technique, granting them elevated privileges on the compromised system, indicating their adaptability to new security measures.
Although their primary focus remains on targeting Latin American financial institutions, their altered approach poses a significant risk to multi-regional financial organizations. Cybersecurity firm Sygnia warned about these changes, emphasizing the potential implications for a broader range of institutions.
Casbaneiro - Old Dog, New Tricks
Casbaneiro, also known as Metamorfo and Ponteiro, initially gained notoriety in 2018 through mass email spam campaigns targeting Latin American financial sectors. The infection process typically starts with a phishing email containing a malicious attachment. When opened, this attachment triggers a sequence of actions leading to the deployment of the banking malware. Additionally, living-off-the-land (LotL) techniques are employed to fingerprint the host and collect system metadata.
During this stage, a binary called Horabot is downloaded to propagate the infection internally among other employees within the breached organization. This helps the malicious actors maintain credibility in their phishing emails and evade detection by avoiding obvious anomalies in email headers.
Recent attack waves have shown a shift in the initial attack vector. Instead of using malicious PDF attachments with download links to ZIP files, the attackers now rely on spear-phishing emails with links to HTML files that redirect the target to download a RAR file.
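A defender-side illustration of the vector just described: the script below is an added example, not part of the original article or of Sygnia's research. It scans constructed web-proxy log lines (the format, hosts and filenames are assumptions made for the example) for a client that fetched an HTML page and, shortly afterwards or with that page as referrer, downloaded a RAR archive.

```python
"""Flag the HTML-link-to-RAR-download chain in web-proxy logs (added example)."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log lines (hypothetical hosts, not real indicators):
# "<iso timestamp> <client ip> <url> <referrer or ->"
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.5 http://example-lure.test/invoice.html -
2024-01-10T09:00:03 10.0.0.5 http://files.example-cdn.test/invoice_1234.rar http://example-lure.test/invoice.html
2024-01-10T09:05:00 10.0.0.7 http://intranet.corp.test/report.html -
2024-01-10T09:30:00 10.0.0.7 http://mirror.corp.test/tools.rar -
2024-01-10T10:00:00 10.0.0.9 http://news.example.test/story.html -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_log(text):
    """Return a list of (timestamp, client, url, referrer) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, url, ref = m.groups()
            rows.append((datetime.fromisoformat(ts), client, url, ref))
    return rows

def find_html_to_rar_chains(rows, window=timedelta(seconds=30)):
    """Pair each .rar download with an earlier .html fetch by the same client.

    A hit needs the HTML URL as the RAR request's referrer, or both requests
    inside `window`, which is what a redirect from the HTML page looks like."""
    hits = []
    html_seen = {}  # client -> list of (timestamp, html url)
    for ts, client, url, ref in rows:
        path = urlparse(url).path.lower()
        if path.endswith((".html", ".htm")):
            html_seen.setdefault(client, []).append((ts, url))
        elif path.endswith(".rar"):
            for h_ts, h_url in html_seen.get(client, []):
                if ref == h_url or timedelta(0) <= ts - h_ts <= window:
                    hits.append({"client": client, "html": h_url, "rar": url})
                    break
    return hits

if __name__ == "__main__":
    for hit in find_html_to_rar_chains(parse_log(SAMPLE_LOG)):
        print(hit)
```

The benign pair from 10.0.0.7 is not flagged because the RAR fetch is 25 minutes later and carries no referrer, so only the lure chain from 10.0.0.5 is reported.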
These modifications in the attackers' methods underscore their determination to stay ahead of security measures and continue targeting financial institutions in the region. Organizations must remain vigilant and adapt their defenses to counter these evolving threats effectively.