Casbaneiro

Malware updated 3 months ago (2024-06-17T20:17:37.254Z)
Casbaneiro, also known as Metamorfo and Ponteiro, is a malicious software (malware) that primarily targets the Latin American financial sector. First emerging in 2018, it propagates mainly through mass email spam campaigns. This banking trojan infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The malware shows similarities with other banking trojans, such as Grandoreiro, especially in terms of their string decryption algorithm, indicating a potential sharing of information among authors of banking trojans in Latin America.

The Casbaneiro malware has been observed to adopt increasingly sophisticated tactics to evade detection and execute its malicious code on compromised assets. Specifically, it has been seen using the FodHelper User Account Control (UAC) bypass method to gain full administrative privileges over infected hosts. This adoption of advanced techniques demonstrates an evolution in the threat actor's strategies. In one notable attack, the Casbaneiro banking trojan used legitimate resources hosted on Amazon AWS and GitHub to sideload a malicious DLL.

To counter threats like Casbaneiro, cybersecurity solutions such as Votiro offer protection by automatically scanning and sanitizing every attachment and embedded link in an email, thereby eliminating the initial point of infection. Email protection is crucial since Casbaneiro primarily spreads via malicious emails. By providing robust security measures, these solutions significantly reduce the risk of malware infections, ensuring the safety of user data and system integrity.
Description last updated: 2024-06-17T20:17:15.359Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Metamorfo | 2 | Metamorfo, also known as Casbaneiro and Ponteiro, is a malicious software (malware) that has been causing significant concerns within cybersecurity circles due to its intricate methods and targeted attacks. This malware emerged in 2018, first noticed in mass email spam campaigns aimed at the Latin A
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Spam
Source Document References
Information about the Casbaneiro Malware was read from the documents corpus below.
Source Link | CreatedAt | Title
Checkpoint | 3 months ago | 17th June – Threat Intelligence Report - Check Point Research
CERT-EU | a year ago | New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets
CERT-EU | a year ago | Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
MITRE | 2 years ago | Grandoreiro: How engorged can an EXE get? | WeLiveSecurity
CERT-EU | a year ago | Unmasking Casbaneiro: A Sneaky Cyber Threat and How Votiro Can Stop It
MITRE | 2 years ago | Casbaneiro: Dangerous cooking with a secret ingredient | WeLiveSecurity