FB pixel

Malware targeting biometric security and strong authentication observed in Brazil bank attacks

| Chris Burt
Categories Access Control  |  Biometrics News
 

Malware known as “CamuBot” is targeting Brazilian bank customers, and may compromise biometric authentication, according to researchers with IBM’s X-Force.

The attack was first noticed in August 2018, when business banking customers were targeted with a combination of social engineering and malware tactics, IBM Executive Security Advisor Limor Kessem and IBM Threat Intelligence Analyst Maor Wiesen wrote in post on the threat. Malicious actors pose as bank personnel in a phone call to run a phony security check, and suggest the installation of a new security module, which is in fact CamuBot.

The malware app is disguised with bank logos and brand imaging to appear to be a legitimate security tool provided by the financial institution. Once it is downloaded, from a different URL and with a different file name in each attack, an executable, also with a different name in each attack, changes the rules for the target’s firewall and antivirus software. When the process is complete, the target is asked to log into the account, and the attacker intercepts the credentials.

The most notable element of the attack, however, is what happens if the endpoint is protected with a strong authentication device. In that case, the malware installs a driver for the device, and the attacker asks the victim to share it remotely. If the victim shares access to the device, the attacker can intercept one-time passwords. The attack could also bypass biometric security measures.

“According to X-Force researchers, a more concerning possibility was that the device driver deployed by CamuBot was similar to other devices supplied by the same vendor, some of which are used for biometric authentication,” the researchers write. “If the same remote sharing is authorized by a duped user, he or she could unknowingly compromise the biometric authentication process.”

The researchers compare the malware to similar software created in Eastern Europe which targets business banking customers with phishing to take over devices and accounts, such as TrickBot, Dridex, and QakBot.

IBM researchers recently created malware that harvests images from social media for biometric hacks, as it anticipates an AI vs. AI future of cybersecurity.

Article Topics

 |   |   | 

Latest Biometrics News

 

EU Council advances business wallet framework for corporate digital identity

European Business Wallets could create a market for rapid online authentication and risk intelligence checks to replace inefficient manual checks…

 

Yoti presses universities for evidence, weighs legal action over age assurance paper

Yoti has escalated its dispute with academics from Georgia Tech and UC Irvine, sending a second letter pressing the universities…

 

FOSI reports suggest support growing for Australia’s social media age minimum

The Australian experiment in establishing a minimum age for using social media presents two large problems for those who frame…

 

Frontex warns EES border queues could persist for another two years

The EU’s biometric-based Entry-Exit System (EES) may continue to cause long queues at borders for another two years, a Frontex…

 

Europe moves to secure sovereign cybersecurity and chips

Europe’s push for sovereignty over its digital systems has new developments in cybersecurity and semiconductor manufacturing. New initiatives from Palo…

 

Nigeria links digital identity ambitions to digital sovereignty agenda

Nigeria is increasingly framing digital identity, data infrastructure and online services as matters of digital sovereignty, as the country seeks…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events