Banking Trojan Metamorfo Hijacks Trusted Apps to Run Malware

TempestCatto
Quote

Metamorfo is a family of banker Trojans that has been active since mid-2018. It primarily targets Brazilians and is delivered mostly through Office files rigged with macros in spam attachments. Metamorfo is a potent piece of malware, whose primary capability is theft of banking information and other personal data from the user and exfiltration of it to the C2 server.

While not new, it's still evolving and adapting.

Quote

Metamorfo currently uses an extremely effective technique called DLL hijacking to conceal its presence on the system and elevate its privileges on the target computer. We also noticed that the malware tries to download other files from the C2 server, suggesting that it could download an updated version of itself with an extended command set as well.

Makes you wonder then, could you block that C2 server via PiHole?

Quote

While monitoring the Metamorfo campaign, we saw the attack abuse 5 different software components manufactured by respected software vendors. They come from Avira, AVG and Avast, Damon Tools, Steam and NVIDIA. Some components in these products load DLL files without ensuring that the files loaded are legitimate. This way, the malicious code is loaded and executed by a trustworthy process, so users will suspect nothing if they ever bring up Task Manager. Additionally, some security solutions will fail to detect malicious code or block communication at the firewall level, as the initiating process is likely whitelisted as trustworthy.

Some big names in there including Steam and Nvidia. Fuck dude...

Well, I know I certainly use at least three of the affected software products from those vendors. May just have to take some extra security steps this time around.

There's also a whole research paper written on this, which you can find via the Chicken Alfredo Sauce: https://labs.bitdefender.com/2020/06/banking-trojan-metamorfo-hijacks-trusted-apps-to-run-malware/

This news post is brought to you by Honey. Honey is the free browser extension that has saved thousands for shoppers everywhere; from Walmart to Amazon, Honey can save you money. Go to https://www.joinhoney.com/linus to start saving today!
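The Bitdefender excerpt quoted above describes trusted, signed components loading DLLs without checking that they are legitimate. The following PowerShell script is an added defender's check, not code from the report or from anyone in this thread: it lists DLLs loaded by running processes from outside %SystemRoot% whose Authenticode signature is missing, invalid, or from a different publisher than the host executable. It assumes an elevated PowerShell session on Windows, and the function name Get-SuspiciousLoadedDll is my own.

```powershell
# Added example (not from the Bitdefender report or any vendor named in the
# thread). Flags loaded DLLs that a side-loading attack would typically plant:
# outside the Windows directory AND unsigned/invalidly signed, or signed by a
# different publisher than the host executable. Assumes an elevated session so
# other processes' module lists are readable. Hits are triage hints, not
# verdicts: a redistributable runtime DLL legitimately has a different signer.
function Get-SuspiciousLoadedDll {
    [CmdletBinding()]
    param(
        # Optional: restrict the scan to the given process names
        [string[]]$ProcessName
    )
    $procs = if ($ProcessName) { Get-Process -Name $ProcessName -ErrorAction SilentlyContinue } else { Get-Process }
    $sysRoot = $env:SystemRoot.ToLowerInvariant()
    foreach ($p in $procs) {
        if (-not $p.Path) { continue }                    # no image path (System, Idle)
        try { $modules = $p.Modules } catch { continue }  # protected process / access denied
        $hostSig    = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
        $hostSigner = if ($hostSig.Status -eq 'Valid') { $hostSig.SignerCertificate.Subject } else { $null }
        foreach ($m in $modules) {
            $path = $m.FileName
            # DLLs under %SystemRoot% are out of scope for this check
            if (-not $path -or $path.ToLowerInvariant().StartsWith($sysRoot)) { continue }
            $sig    = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $reason = $null
            if ($sig.Status -ne 'Valid') {
                $reason = "signature status: $($sig.Status)"
            } elseif ($hostSigner -and $sig.SignerCertificate.Subject -ne $hostSigner) {
                $reason = 'signer differs from host executable'
            }
            if ($reason) {
                [pscustomobject]@{
                    Process    = $p.ProcessName
                    PID        = $p.Id
                    HostSigner = $hostSigner
                    Dll        = $path
                    Reason     = $reason
                }
            }
        }
    }
}
```

Run it as `Get-SuspiciousLoadedDll | Sort-Object Process | Format-Table -AutoSize`, or pass `-ProcessName` to scan only the processes you are worried about; review each hit against the vendor's expected file list rather than deleting on sight.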

Why is it targeting Brazilians? Seems kinda random to choose them.

--Dominik W

(What else do you need, this is just a signature, plus I have them disabled 😅)

1 hour ago, TempestCatto said:

Yes ;-;

should i ship it or nah?

✨FNIGE✨

8 hours ago, SlimyPython said:

should i ship it or nah?

That would be up to her, but I'd be fine with that.

Behold “princess Luna the permanently underappreciated”.

Could be a wholly different being that is being talked about, of course.

Not a pro, not even very good. I’m just old and have time currently. Assuming I know a lot about computers can be a mistake.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.
