CamuBot

Description

(IBM) Unlike other malware operated in Brazil, CamuBot is a defined new code. Very different from typical banking Trojans, CamuBot does not hide its deployment. On the contrary, it is very visible, using bank logos and overall brand imaging to appear like a security application. It thus gains victims’ trust and leads them to install it without realizing they are running an installation wizard for a Trojan horse.

CamuBot is more sophisticated than the remote-overlay type malware commonly used in fraud schemes targeting users in Brazil. Instead of simplistic fake screens and a remote access tool, CamuBot tactics resemble those used by Eastern European-made malware such as TrickBot, Dridex and QakBot, each of which focuses on business banking and blends social engineering with malware-assisted account and device takeover.

Names

Name
CamuBot

Category

Malware

Type

• Banking trojan
• Credential stealer

Information

• https://securityintelligence.com/camubot-new-financial-malware-targets-brazilian-banking-customers/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.camubot

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:camubot

Other Information

Uuid

422aed98-ce3d-43cd-b756-d7b0e00731a8

Last Card Change

2020-05-24