As technology and awareness of cyber attacks advance, cybercriminals face new challenges and obstacles, so it is no wonder that today’s news is flooded with new attack tactics and malware that is increasingly difficult to prevent. The most recent is Metamorfo, a Trojan specialized in attacks on bank accounts.
It is worth remembering what a Trojan is: malware with the appearance of a conventional, legitimate program that, when opened, gives the cybercriminal full access to the device. Although Metamorfo was discovered in 2018, in February of this year it was identified targeting online banks in the United States, Canada, Chile, Spain, Brazil, Mexico and Ecuador. The problem with this malware is that it is very difficult to identify, because it can take the form of a reliable or recognizable email or program. It is best to be suspicious of any of them and to keep the following points in mind to prevent it:
1.- It mainly focuses on the financial sector
Metamorfo’s main objective is mobile banking. It looks for a way into victims’ devices to steal identities and information and to access accounts to obtain money.
2.- The most recurrent form of attack is through phishing
A common tactic of cybercriminals is phishing, that is, sending an email with attractive offers that either carries an executable file or asks the user to click on a link. If the user downloads the file and executes it, the cybercriminal gains access to the device and therefore to the information on it. This is how Metamorfo works: it sends an email with a .zip file that appears to be some kind of query form, to guarantee the download and obtain bank details.
3.- It forces you to share your data
Once inside, Metamorfo closes all browsers and disables form auto-fill to force the user to re-enter their data, so that the cybercriminal can log in with the information collected. However, when a user tries to log in, the bank generally asks for a confirmation code that arrives via SMS or WhatsApp to guarantee security. Metamorfo displays a fake page asking for this code so that the attacker can obtain it and access the account more easily.
4.- Also known as Casbaneiro
Before being named Metamorfo, malware with these characteristics was known as Casbaneiro, which focused on attacking services related to cryptocurrencies. Now, a renewed version has as its main target users of mobile banking applications, but it maintains the characteristics of its predecessor. It can take screenshots and send them to its C&C server, capture keystrokes to obtain data, and even download and install updates by itself and run other files.
5.- It can be prevented with perimeter security strategies
Although awareness is important for preventing Metamorfo, protecting the integrity of a company’s data also requires devices that protect access to the private network. At Orben we design perimeter security strategies with solutions like Deep Content Inspection to act in situations like these.
Today it is Metamorfo, and tomorrow it will surely be a new type of malware that seeks to evade existing solutions, so thinking about cybersecurity has become an obligation for every person and company that uses devices connected to the network.