Client Maximus: New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil
This post was co-authored with IBM X-Force researchers Or Safran and Lior Keshet.
---
The Brazilian malware landscape is notorious for its plethora of Delphi-based code and overall lack of sophistication. But much like the Russian-speaking malware scene, Brazilian cybergangs have been using better malware, such as the recently discovered Client Maximus, in their attacks.
In the summer of 2016, malware like Zeus Panda and Sphinx were spotted in Brazil. Those were followed by intensifying infection campaigns, all targeting Brazilian banks and payment platforms, according to data from IBM X-Force Security Research. Later in the year, our researchers spotted a new, real-time phishing attack in Brazil, which introduced automation and agility to classic phishing attacks.
It quickly became clear that cybercriminals in Brazil are collaborating with counterparts from other, more sophisticated threat landscapes and importing code and expertise to launch attacks in their own country.
Enter Client Maximus
We recently encountered a case in Brazil that reflects this ongoing trend. Client Maximus is a new malware code that appears to have been written specifically for attacks on Brazilian banks. The malware was recently analyzed alongside other components related to it, leading to further findings and a greater overall understanding of the growing sophistication of cybercrime tools in Brazil.
The purpose of the Client Maximus malware is financial fraud. As such, its code aspires to create the capabilities that most banking Trojans have, which allow attackers to monitor victims' web navigation and interrupt online banking sessions at will. After taking over a victim's banking session, an attacker operating this malware can initiate a fraudulent transaction from the account and use social engineering screens to manipulate the unwitting victim into authorizing it.
Check out the infection routine and further info here.