CamuBot
CamuBot is a threat that was first reported on September 6, 2018. CamuBot is distributed in the guise of a 'security module.' The way in which CamuBot is being distributed is through social engineering campaigns. The criminals responsible for CamuBot target costumers of various banks located in Brazil. The victims of CamuBot will receive phone calls, emails, or messages via social media. Typically, the criminals, who will pretend to be bank employees, will trick the victims. The callers will claim that the victims need to install a new 'security module' to keep their online banking account safe. The supposed 'security module' is CamuBot, which is used to collect private information, such as the victim's account password, login information and other data.
Table of Contents
How CamuBot is Delivered to the Victim’s Computer
The criminals contacting the victims will use social engineering tricks to convince the victims to connect to a fake version of the banking website, typically in the form of a bogus verification page. When the victim connects to this website, a pop-up notification appears claiming that the victim does not have the 'security module.' The pop-up notification will then download CamuBot automatically onto the victim's computer. This Trojan is delivered as a supposed authentication application for the victim's bank. Essentially, CamuBot is precisely what these authentication systems are designed to prevent or remove. For CamuBot to be installed on the victim's computer, it requires admin access. Because of this, the victim will need to authorize its installation in most cases. The criminals responsible for the CamuBot attack will try to convince the victim to open a phishing page designed to mimic the victim's bank's website. When the computer users enter their usernames and passwords into the fake banking website, the criminals will collect this data and then use it to clean out the victim's bank accounts.
Detailing the CamuBot Attack
If CamuBot is running in the background, the criminals can access the victim's computer and log into the victim's bank account. CamuBot runs in the form of an executable file named 'Módulo de Atualização (32bit).exe' and is published by FabulaTech supposedly. CamuBot will show up in the Control Panel program list as 'USB over Network 5.2.2.' PC security researchers counsel computer users to take steps to remove CamuBot and use a resilient security program that is fully up-to-date to perform a full scan of the compromised computer. One of the main aspects of CamuBot is that it allows criminals to bypass various account protections since it takes over the victim's computer. Part of dealing with the CamuBot attack will involve confirming that your bank account has not been compromised, monitoring it, and working with your bank to ensure that any fraudulent transactions are reversed.
Protecting Yourself from Threats Like CamuBot
One of the main dangers of CamuBot is that it carries out a large-scale attack that involves a combination of phone calls corrupted websites, and other social engineering tactics. The full extent of the CamuBot tactic can be enough to convince most computer users that it is a legitimate program. Furthermore, CamuBot has various advanced features that allow CamuBot to bypass the firewall and security software rules, posing as a secure program on the victim's computer. This makes CamuBot more sophisticated than most banking Trojans that are being used to target Brazilian computer users today. CamuBot has more in common with some of the threats that, until before, had mostly been limited to attacks located in Eastern Europe. Some of the threats that are similar to CamuBot include banking Trojans like TrickBot, Dridex and QakBot, all of which have operated in Europe mainly.
