Experts On New Banking Trojan Tricks Users To Retype Passwords Only For Them To Be Stolen

By   ISBuzz Team
Writer , Information Security Buzz | Feb 07, 2020 07:33 am PST

A trojan malware campaign is targeting online banking users around the world with the aim of stealing credit card information, finances and other personal details. Detailed by cybersecurity researchers at Fortinet, the Metamorfo banking trojan has targeted users of over 20 online banks in countries around the world including the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico. It marks an escalation in the attacks, which last month appeared to be restricted to compromising banks in Brazil but have now spread to other targets.


Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Justin Fox
Justin Fox , Director of DevOps Engineering
February 7, 2020 3:43 pm

Banks and consumers are under continuous attacks by cybercriminals that will try to find any crack in defences to track and step in the middle between consumers and banks. While banks are employing various technologies to identify the true customer online, they just can’t protect them when hackers target consumers. Experts advise never to click on an attachment sent to you, but time and again cybercriminals come up with the most sophisticated method to trick the end user into clicking. From the moment a user receives the malicious email in their inbox, the clock is ticking – most users will click on links and provide their information, or open a malware infected document without thinking twice. Once they do, their credentials are immediately harvested for hackers to leverage or sell on the Dark Web. Educating end users is clearly not enough, nor is the deployment of technical countermeasures to protect end users.

Last edited 4 years ago by Justin Fox
Javvad Malik
Javvad Malik , Security Awareness Advocate
February 7, 2020 3:36 pm

This is a particularly sly method by which the trojan captures passwords when users enter them. Something that won\’t raise suspicions of most people infected.

Coupled with the fact that it uses anti virus evasion techniques makes it even more likely to succeed.

Therefore, the best chance lies in preventing users being infected in the first place. As this, like much malware, arrives via a phishing email. It becomes increasingly important for users to receive up to date, and regular security awareness and training in order that they can spot and report phishing attacks. If users can avoid falling for phishing emails, they can protect themselves and their organisations from the majority of malware.

Last edited 4 years ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x