
A banking malware that is “well-camouflaged” and “nearly invisible” to cyber threat detection systems is on the loose in Latin America, according to tech giant IBM.
Senior threat researcher Itzhak Chimino says IBM uncovered a banking trojan known as UnregStealer that is targeting Latin American banks while posing as a Chrome browser extension. According to Chimino, UnregStealer deceives users into installing it by tricking them into updating their Secure Sockets Layer (SSL) certificate.
“Based on the executable naming convention and delivery pattern, victims are most likely presented with what appears to be a security warning informing them that their browser requires a mandatory SSL certificate update…
…The “certificate” is entirely fabricated, and no such browser requirement exists. It is simply a convincing cover story to get the victim to run an executable.”
When a user is browsing the internet, the malware runs a script that checks whether the victim is visiting one of the websites listed among the targeted banking portals, says IBM. If so, the malware then steals session cookies for the banking website the victim is visiting. Each time a field is clicked and information is entered, the malware captures privileged information such as passwords, one-time passwords and account numbers. Once the information is captured, UnregStealer’s next course of action is determined by its human operator.
“This trojan involves a real operator, who watches each victim session live and pulls the trigger manually. This variation makes the campaign nearly invisible to sandboxes and behavioral detection systems that never see the payload activate.”
According to Chimino, the UnregStealer banking malware has the capacity and potential to pose a bigger threat.
“The infrastructure patterns observed suggest an operator with the capability and motivation to expand targeting beyond what this investigation has confirmed.”
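An added defender-side example, not taken from IBM's report or this article: because the trojan is described as posing as a Chrome extension that steals session cookies and captures form input, this Python script flags installed extension manifests that hold that combination of capabilities. The permission heuristics and both sample manifests are assumptions constructed here, since the article does not publish the extension's manifest.

```python
import json
from pathlib import Path

# Match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Update URL carried by extensions installed from the Chrome Web Store.
WEB_STORE_UPDATE = "https://clients2.google.com/service/update2/crx"

def audit_manifest(manifest):
    """Return the reasons an extension manifest deserves manual review."""
    perms = set(manifest.get("permissions", []))
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    injected = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    reasons = []
    if "cookies" in perms and hosts & BROAD:
        reasons.append("cookie access on every site")
    if injected & BROAD:
        reasons.append("content script injected into every page")
    if manifest.get("update_url") != WEB_STORE_UPDATE:  # heuristic (assumption)
        reasons.append("not updated from the Chrome Web Store")
    return reasons

def audit_profile(extensions_dir):
    """Audit each <id>/<version>/manifest.json under a profile's Extensions folder."""
    findings = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        reasons = audit_manifest(manifest)
        if reasons:
            findings[path.parent.parent.name] = reasons
    return findings

# Constructed sample manifests (not the manifest of the malware in the article).
SAMPLE_SUSPICIOUS = {
    "manifest_version": 3, "name": "constructed-sample-a",
    "permissions": ["cookies", "tabs"], "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}
SAMPLE_BENIGN = {
    "manifest_version": 3, "name": "constructed-sample-b",
    "permissions": ["activeTab", "storage"], "update_url": WEB_STORE_UPDATE,
}

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(sample["name"], audit_manifest(sample))
```

A hit is a prompt for manual review, not a verdict: legitimate extensions such as password managers request similar permissions, and enterprise-deployed extensions may use their own update URL.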
The post IBM Issues Warning on ‘Well-Camouflaged’ Bank Malware That’s Draining Login Credentials appeared first on The Daily Hodl.
This article is written by: Nermeen Nabil Khear Abdelmalak
All rights reserved to: USAGOLDMINES. www.usagoldmines.com
