FB pixel

Malware targeting biometric security and strong authentication observed in Brazil bank attacks

| Chris Burt
Categories Access Control  |  Biometrics News
 

Malware known as “CamuBot” is targeting Brazilian bank customers, and may compromise biometric authentication, according to researchers with IBM’s X-Force.

The attack was first noticed in August 2018, when business banking customers were targeted with a combination of social engineering and malware tactics, IBM Executive Security Advisor Limor Kessem and IBM Threat Intelligence Analyst Maor Wiesen wrote in post on the threat. Malicious actors pose as bank personnel in a phone call to run a phony security check, and suggest the installation of a new security module, which is in fact CamuBot.

The malware app is disguised with bank logos and brand imaging to appear to be a legitimate security tool provided by the financial institution. Once it is downloaded, from a different URL and with a different file name in each attack, an executable, also with a different name in each attack, changes the rules for the target’s firewall and antivirus software. When the process is complete, the target is asked to log into the account, and the attacker intercepts the credentials.

The most notable element of the attack, however, is what happens if the endpoint is protected with a strong authentication device. In that case, the malware installs a driver for the device, and the attacker asks the victim to share it remotely. If the victim shares access to the device, the attacker can intercept one-time passwords. The attack could also bypass biometric security measures.

“According to X-Force researchers, a more concerning possibility was that the device driver deployed by CamuBot was similar to other devices supplied by the same vendor, some of which are used for biometric authentication,” the researchers write. “If the same remote sharing is authorized by a duped user, he or she could unknowingly compromise the biometric authentication process.”

The researchers compare the malware to similar software created in Eastern Europe which targets business banking customers with phishing to take over devices and accounts, such as TrickBot, Dridex, and QakBot.

IBM researchers recently created malware that harvests images from social media for biometric hacks, as it anticipates an AI vs. AI future of cybersecurity.

Article Topics

 |   |   | 

Latest Biometrics News

 

Ring and Flock call off integration as scrutiny of camera-to-police partnership intensifies

Amazon-owned Ring and Flock Safety have canceled their planned partnership, stepping back from an integration that would have linked one…

 

MOSIP pursues democratization of digital identity with unconference conversations

A democratic vision of digital identity is central to the non-profit, open-source mandate of MOSIP. As the organization and the…

 

Liveness is king: FaceTec’s Jay Meier in conversation with Chris Burt 

It’s best, says Jay Meier, to think about identity management as a system of symbiotic systems. Which is to say,…

 

Ofcom fines Kick, threatens 4chan as OSA enforcement steadily dials up

UK regulator Ofcom has faced criticism for being too slow and lenient with its power to enforce the Online Safety…

 

Innovatrics, ROC improve rankings in NIST ELFT, rising to 2 and 3 respectively

Innovatrics is celebrating success in the latest National Institute of Standards and Technology (NIST) Evaluation of Latent Fingerprint Technologies (ELFT)…

 

Meta plans launch of facial recognition to smart glasses in ‘dynamic political environment’

Meta is reportedly planning to roll out facial recognition capabilities for its smart glasses as early as this year, taking…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events