EmbusteBot Livens Up the Brazilian Financial Malware Scene

A new financial malware is targeting dozens of major Brazilian banks. Dubbed EmbusteBot, it employs specific schemes for different banks and allows attackers to gain full control of a victim’s endpoint.

The malware’s name comes from the Portuguese word “Embuste”, meaning a hoax or scam. It’s an accurate moniker: EmbusteBot is designed to determine which browser window is running on a victim’s machine; match the window title against a list of targeted banks and bank applications; take over the victim’s endpoint, using fake overlays in some cases; and ultimately launch fraudulent transactions from the victim’s bank accounts.

“Our ongoing observations of the Brazilian cyber-criminal landscape have revealed a perpetual rise in new malicious campaigns in this region of the world, especially those targeting online banking and payment platforms,” said IBM researcher Maksim Shudrak, in an analysis.

He added that EmbusteBot’s most likely delivery path lies in malware-laden email spam.

“The past several years show that the Brazilian cyber-criminal scene has come a long way in terms of using malware to facilitate bank fraud,” Shudrak added. “Fraudsters continue to adopt various techniques to infect more potential victims. EmbusteBot is not fully generic in its activity against banks like other malware of its kind. Rather, it can add selective strategies against different bank clients while targeting the largest banks in Brazil.”
