Bitcoin Forum

Other => Beginners & Help => Topic started by: masulum on October 07, 2019, 03:33:25 AM



Title: [Beware] New Variant of Casbaneiro Malware
Post by: masulum on October 07, 2019, 03:33:25 AM
Casbaneiro is malware that was found for the first time in 2018; the targets of this malware are Latin American banks. But ESET reports that this malware currently has a new variant that can steal crypto. Based on Welivesecurity.com (https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/), here are a few attack methods of this malware.

1. Collecting information such as
  • List of your antivirus
  • OS version of your device
  • Collect your username
  • Collect your computer name
  • Several banking applications/software

2. Clipboard hijacking
Casbaneiro can replace your clipboard contents: if they match a Bitcoin address, this virus will replace your address with the hacker's wallet address.
https://www.welivesecurity.com/wp-content/uploads/2019/09/Figure03_BitcoinWallet.png
Images from: Welivesecurity


3. Cryptography
  • Command encryption
  • String encryption
  • Payload encryption
  • Remote configuration data encryption

4. Distribution of this malware
  • Fishy financial manager updates
  • What’s cooking? A fowl Windows activator

5. Do you C what I C?
  • Stored encrypted in the binary
  • Embedded in a document
  • Embedded in a crafted website
  • Embedded in a legitimate website
  • Generated using a fake DNS entry

6. Download & Execute functionality
  • Via XML document
  • Via special configuration file
  • Email tool
  • Password stealer

Here, I am just copying the basic points of this virus from articles. If you need to know how it works, you can read the full article on Welivesecurity.com: https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/