Brazilian Bank Users Are the Target of a New BrasDex Malware

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Dec 22, 2022 06:03 am PST

Cybercriminals have recently launched a new Android trojan called BrasDex that targets Brazilian bank users. This trojan is part of a larger, ongoing multi-platform campaign that has been attributed to the threat actors behind the Windows banking malware Casbaneiro. Dutch security firm ThreatFabric published a report last week stating that BrasDex has “a very capable Automated Transfer System (ATS) engine” and “a complicated keylogging system designed to abuse Accessibility Services in order to extract credentials especially from a list of Brazilian targeted apps.”

BrasDex Malware: A Complex Keylogging System

One of the significant features of BrasDex is its focus on the PIX payments platform, which allows Brazilian banking customers to make money transfers using their email addresses or phone numbers. The ATS system in BrasDex has been specifically designed to abuse PIX technology in order to make fraudulent transfers. This is not the first time cybercriminals have targeted the instant payment ecosystem. In September 2021, Check Point detailed two Android malware families, PixStealer and MalRhino, that tricked users into transferring their entire account balances to a cybercriminal-controlled account.

ThreatFabric’s investigation into BrasDex also allowed them access to the command-and-control (C2) panel used by the criminal operators to track infected devices and retrieve data logs exfiltrated from Android phones. This C2 panel is also being used to monitor a different malware campaign that compromises Windows machines in order to deploy Casbaneiro, a Delphi-based financial trojan.

Casbaneiro: A Windows-Based Financial Trojan

This attack chain uses package delivery-themed phishing lures purporting to come from Correios, a state-owned postal service in Brazil, in order to trick users into executing the malware through a multi-stage process. Casbaneiro possesses a variety of features that are typical of backdoors, such as the capacity to take control of banking accounts, take screenshots, perform keylogging, hijack clipboard data, and act as clipper malware to steal cryptocurrency transactions.

According to a statement made by ThreatFabric, “Both BrasDex and Casbaneiro belong to their own distinct and fully developed families of malware. create a very dangerous combination, allowing the actor behind them to target Android and Windows users on a big scale.” “The BrasDex scandal demonstrates the importance of having fraud detection and prevention methods installed on the devices used by customers: Because fraudulent payments are made through the same device that is typically used by customers, bank backends and fraud scoring engines are fooled into thinking that the payments are legal when they are done automatically with the assistance of ATS engines.”
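The keylogging described in this article depends on the malware holding an enabled accessibility service, so one device-side check is to list the enabled services and flag any package outside an allowlist. This is an added example, not code from ThreatFabric or from the article; the allowlist and the `com.example.flashlight` sample entry are constructed assumptions.

```python
import subprocess

# Illustrative allowlist (assumption): packages expected to run an accessibility service.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}  # TalkBack screen reader

# Constructed sample of the setting's value; com.example.flashlight is a placeholder.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.flashlight/.HelperService")


def read_from_device() -> str:
    """Read the setting from a connected device with adb (not called on import)."""
    cmd = ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the colon-separated component list into (package, full class name) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):          # nothing enabled
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            services.append((entry, ""))   # malformed: keep it for review
            continue
        if cls.startswith("."):      # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(raw: str, allowed=ALLOWED_PACKAGES) -> list[str]:
    """Return enabled services whose package is not allowlisted."""
    return [f"{pkg}/{cls}" if cls else pkg
            for pkg, cls in parse_enabled_services(raw) if pkg not in allowed]


if __name__ == "__main__":
    for component in unexpected_services(SAMPLE):
        print("review:", component)
```

To check a real device, pass `read_from_device()` instead of `SAMPLE`; a flagged entry is a prompt for review, not proof of infection.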

The Ongoing Threat of Multi-Platform Malware in the LATAM Region

The mobile malware landscape of the Latin American and Caribbean (LATAM) region, particularly Brazil, has recently gained attention due to families like Brata and Amextroll, which have extended their reach to Europe. On the other hand, not all malicious software created in South America is geared toward the European market.

Analysts from ThreatFabric uncovered an ongoing multi-platform malware campaign that targeted mobile and desktop users in Brazil, resulting in an estimated loss of hundreds of thousands of dollars. The campaigns involving BrasDex and Casbaneiro demonstrate the ongoing threat of malware targeting both Android and Windows users in the LATAM region, particularly Brazil. These types of attacks can have significant financial consequences for both individuals and businesses, as the malware is designed to steal credentials and initiate fraudulent transactions.

Protecting Against Cyber Threats: Tips for Individuals and Organizations

It is essential for individuals and organizations to protect themselves against these types of threats by implementing strong cybersecurity measures, such as regularly updating their devices and software, using antivirus software, and being cautious when opening emails or downloading attachments from unknown sources. It is equally essential to stay vigilant about protecting personal and financial information and to keep up with the current strategies and methods used by cybercriminals.

Staying Informed About Cybersecurity Threats and Trends

One way to stay informed about the latest tactics and techniques used by cybercriminals is to regularly read about cybersecurity threats and trends. This can help individuals and organizations understand the types of threats that they may face and the best ways to protect against them. Some sources of information about cybersecurity threats and trends include cybersecurity blogs, industry news outlets, and cybersecurity conferences.

In addition to staying informed, it is essential to remain vigilant in protecting personal and financial information. This includes taking steps such as using strong, unique passwords for all online accounts, enabling two-factor authentication whenever possible, and avoiding clicking on links or downloading attachments from unknown sources. It is extremely important to be careful when entering personal or financial information online, such as when making online purchases or accessing online banking services.

Another way to protect against cyber threats is to use cybersecurity software, such as antivirus software and firewall protection. These types of software can help to prevent malware from being downloaded onto a device and can also alert users to any potential threats. It is essential to keep this software up to date to ensure that it is effective against the latest threats.

The Importance of Strong Cybersecurity Measures

In summary, the emergence of the BrasDex trojan and the ongoing multi-platform malware campaign targeting both Android and Windows users in the LATAM region highlight the importance of strong cybersecurity measures. It is essential for individuals and organizations to stay informed about the latest threats and to implement effective measures to protect against them.

To stay informed about the latest threats, individuals and organizations can regularly read about cybersecurity threats and trends, attend cybersecurity conferences and workshops, and follow cybersecurity experts and industry news outlets on social media. In addition to staying informed, it is also important to take proactive measures to protect against cyber threats, such as using strong, unique passwords, enabling two-factor authentication, and using antivirus and firewall software.

Organizations can also implement robust cybersecurity measures, such as training employees on cybersecurity best practices, regularly updating software and devices, and implementing strong passwords and two-factor authentication. By taking these steps, individuals and organizations can better protect themselves against cyber threats and minimize the chances of becoming cyber-attack victims.

It is essential to remember that cyber threats are constantly evolving, and it is vital to stay vigilant and proactive in protecting against them. By staying informed and implementing effective cybersecurity measures, individuals and organizations can better protect themselves and their sensitive information from cyber-attacks.
