NEW DELHI: Cybersecurity research firm Fortinet is alerting users about a new trojan that is targeting online banking users. Known as Metamorfo, the trojan steals credit card information, finances, and other personal details.
According to Fortinet, the malware has so far succeeded in targeting 20 online banks in various countries, including the US, Canada, Chile, Peru, Ecuador, Brazil, and Mexico. It is also expected that the trojan could soon spread to India. Last month it was restricted to Brazil, but within a month its attacks escalated to other countries.
The attack begins with phishing emails that contain information about an invoice and invite users to download a ZIP file. After downloading the file, the victim allows the trojan to execute and run on their Windows device. After installation, the malware runs an AutoIt script execution program. The script is designed to automate the Windows graphical user interface, and it has been used by various malware as a means of bypassing antivirus detection.
Once the malware starts running on the Windows system, it stops any running browsers and prevents new browser windows from opening. After this, it also prevents new browser windows from using auto-complete and auto-suggest in data entry fields.
This action forces the victim to hand-enter data without auto-complete, such as whole URLs, along with login-name, password, and so on in the browser. This allows the malware’s key logger function to record the largest number of actions from the victim’s input.
It then sends this data to the command-and-control server run by the attackers.
Moreover, this new banking malware also includes a function that monitors 32 keywords associated with the targeted banks. These keywords alert the attacker in real time whenever a victim is trying to access the online services.
The research firm adds that, to protect themselves from such attacks, users should not open any suspicious emails or attachments. Users should also try to use an antivirus, as it can help detect the malware.