Casbaneiro

Malware Profile Updated 13 days ago
Casbaneiro, also known as Metamorfo and Ponteiro, is a notorious malware that first surfaced in 2018 in mass email spam campaigns primarily targeting the Latin American financial sector. It is designed to exploit and damage computer systems, often infiltrating without the user's knowledge via suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

Casbaneiro shares similarities with other banking trojans such as Grandoreiro, especially in its string decryption algorithm, which suggests information sharing among the authors of banking trojans in Latin America. Unlike Amavaldo, which automatically registers large numbers of email accounts, Casbaneiro is used to create and send spam messages.

In an evolution of tactics aimed at avoiding detection and executing malicious code on compromised assets, the threat actors behind Casbaneiro have been observed using a User Account Control (UAC) bypass technique to gain full administrative privileges on infected machines. This method, known as the FodHelper UAC bypass, has been adopted by various financially motivated threat actors.

To mitigate the risk of Casbaneiro and similar malware threats, advanced cybersecurity solutions like Votiro are recommended. Votiro's email protection solution automatically scans and sanitizes every attachment and embedded link in an email, thereby eliminating the initial point of infection. By layering link removal and file sanitization, these solutions can effectively prevent Casbaneiro from infiltrating systems. The continued evolution of these malware programs underscores the importance of robust, adaptive cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Metamorfo | 2 | Metamorfo, also known as Casbaneiro and Ponteiro, is a malicious software (malware) that has been causing significant concerns within cybersecurity circles due to its intricate methods and targeted attacks. This malware emerged in 2018, first noticed in mass email spam campaigns aimed at the Latin A
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Spam
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Casbaneiro Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Casbaneiro: Dangerous cooking with a secret ingredient | WeLiveSecurity
CERT-EU | 9 months ago | Unmasking Casbaneiro: A Sneaky Cyber Threat and How Votiro Can Stop It
MITRE | a year ago | Grandoreiro: How engorged can an EXE get? | WeLiveSecurity
CERT-EU | 10 months ago | Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
CERT-EU | 10 months ago | New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets