This Bitcoin Stealing Malware Masquerades as Other Programs

Michael LaVere
  • Casbaneiro malware pretends to be other programs once downloaded. 
  • Virus collects information on victims and tricks them into entering sensitive login information. 

The Casbaneiro malware has been found to masquerade as other programs, such as Spotify and WhatsApp, while collecting banking and crypto information on victims.

Crypto Malware Tricking Victims

According to a report compiled by cybersecurity company ESET, the Casbaneiro malware is part of a broader family of viruses that were first detected in May 2018. The malware primarily targets users of Latin American banks, particularly in Brazil and Mexico. However, several variants have been identified that are designed to steal users' crypto.

ESET’s research found that the malicious code is typically transmitted through email links and attachments.

Once downloaded, the malware masquerades as other common programs, such as Google Drive, Spotify or WhatsApp. Victims are also being scammed by downloads that resemble legitimate financial software updates, only to have their computers infected with the malware.

Compared to other viruses, which ultimately ransom victims for crypto to regain access to their files or prevent them from being deleted, Casbaneiro is more subtle.

The malware collects information on victims and detects which banking applications or websites they use. It then generates pop-ups that resemble the actual websites being used by the victim, prompting them to enter sensitive login or banking information, including credentials for cryptocurrency exchanges.
