Malware targeting biometric security and strong authentication observed in Brazil bank attacks
Malware known as “CamuBot” is targeting Brazilian bank customers, and may compromise biometric authentication, according to researchers with IBM’s X-Force.
The attack was first noticed in August 2018, when business banking customers were targeted with a combination of social engineering and malware tactics, IBM Executive Security Advisor Limor Kessem and IBM Threat Intelligence Analyst Maor Wiesen wrote in post on the threat. Malicious actors pose as bank personnel in a phone call to run a phony security check, and suggest the installation of a new security module, which is in fact CamuBot.
The malware app is disguised with bank logos and brand imaging to appear to be a legitimate security tool provided by the financial institution. Once it is downloaded, from a different URL and with a different file name in each attack, an executable, also with a different name in each attack, changes the rules for the target’s firewall and antivirus software. When the process is complete, the target is asked to log into the account, and the attacker intercepts the credentials.
The most notable element of the attack, however, is what happens if the endpoint is protected with a strong authentication device. In that case, the malware installs a driver for the device, and the attacker asks the victim to share it remotely. If the victim shares access to the device, the attacker can intercept one-time passwords. The attack could also bypass biometric security measures.
“According to X-Force researchers, a more concerning possibility was that the device driver deployed by CamuBot was similar to other devices supplied by the same vendor, some of which are used for biometric authentication,” the researchers write. “If the same remote sharing is authorized by a duped user, he or she could unknowingly compromise the biometric authentication process.”
The researchers compare the malware to similar software created in Eastern Europe which targets business banking customers with phishing to take over devices and accounts, such as TrickBot, Dridex, and QakBot.
IBM researchers recently created malware that harvests images from social media for biometric hacks, as it anticipates an AI vs. AI future of cybersecurity.