Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
Jul 25, 2023
Malware / Cyber Threat
The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control ( UAC ) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. "They are still heavily focused on Latin American financial institutions, but the changes in their techniques represent a significant risk to multi-regional financial organizations as well," Sygnia said in a statement shared with The Hacker News. Casbaneiro , also known as Metamorfo and Ponteiro, is best known for its banking trojan, which first emerged in mass email spam campaigns targeting the Latin American financial sector in 2018. Infection chains typically begin with a phishing email pointing to a booby-trapped attachment that, when launched, activates a series of steps that culminate in the deployment of the bankin...
