Casbaneiro is malware that was first found in 2018, and it targets Latin American banks. ESET now reports that this malware has a new variant that can steal cryptocurrency. Based on Welivesecurity.com, here are a few of the ways this malware attacks.
1. Collecting information such as
- List of your antivirus
- OS version of your device
- Collect your username
- Collect your computer name
- Several banking applications/software
2. Clipboard hijacking
Casbaneiro can replace your clipboard contents: if they match a Bitcoin address, the malware replaces your address with the attacker's wallet address.
Images from: Welivesecurity
3. Cryptography
- Command encryption
- String encryption
- Payload encryption
- Remote configuration data encryption
4. Distribution of this malware
- Fishy financial manager updates
- What’s cooking? A fowl Windows activator
5. Do you C what I C?
- Stored encrypted in the binary
- Embedded in a document
- Embedded in a crafted website
- Embedded in a legitimate website
- Generated using a fake DNS entry
6. Download & Execute functionality
- Via XML document
- Via special configuration file
- Email tool
- Password stealer
Here, I am just copying the basic points about this virus from articles. If you need to know
how it works, you can read the full article on Welivesecurity.com:
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/