Attackers Employ Social Engineering to Distribute New Banking Trojan

Unknown attackers have begun using a sophisticated, new banking Trojan, dubbed CamuBot, to steal money from the business customers of several major banks in Brazil, a country sometimes used as a testing ground for financial malware that is about to be launched globally.

IBM X-Force security researchers, who have been tracking the threat, this week described the CamuBot campaign as a combination of highly targeted social engineering with malware-assisted account and device takeover. The malware operators have been getting victims to download CamuBot on their systems by disguising it as a required security module — complete with logos and brand imaging — from their banks.

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

Troublingly, CamuBot has functionality that suggests it has the ability to hijack device driver controls for fingerprint readers, USB keys, and other third-party security peripherals that banks often use as an additional mechanism for authenticating users.

The attackers have typically targeted individuals who are the most likely owners of their organizations’ bank account credentials. They identify themselves as bank employees and ask the victim to browse to a location for checking whether his company’s bank security module is up to date. The validity check always comes up negative, and the targeted individual is then tricked into downloading an “updated” version of the module.

If the victim downloads the module, a fake application appears in the foreground while CamuBot is silently installed in the background and establishes a connection with its command-and-control server. The victim is then redirected to what appears to be his bank’s online portal, where he is prompted to enter his login credentials, which are promptly captured by the attackers.

A close-up of a computer screen displaying code,likely JavaScript,with various functions and syntax.
Image Source

Read more: Dark Reading

Latest Articles

MVP to Production-Grade: How to Fix Scaling Bottlenecks Before They Break You

This webinar & podcast are built for founders, CTOs, and VPs navigating the critical shift from MVP to production-grade infrastructure. Learn how to avoid scaling pitfalls, build resilient systems without over-hiring, and make the right decisions now to support rapid, sustainable growth. Join us to unlock practical strategies and real-world lessons from companies that have […]

Ganesh The Awesome
12th June, 2025
SAST vs DAST vs IAST: Application Security Testing Explained

A great majority of security flaws are introduced during development, but most aren’t found until much later, when they’re costlier to fix. That delay is precisely why application security testing (AKA AppSec testing) needs to occur early, frequently, and at multiple layers. SAST, DAST, and IAST are designed to do just that. But too often, […]

Shalom Carmel
10th June, 2025
Application Security Frameworks: A Practical Guide to OWASP SAMM, ASVS, and More

As teams ship faster in cloud-native environments, the attack surface grows just as quickly. This makes application security a moving target. Yet most AppSec programs still feel like patchwork. Teams rely on ad hoc policies, chase compliance, or struggle to scale controls across the SDLC. Application security frameworks change that. They give you a structure […]

Shalom Carmel
10th June, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services