Numando banking Trojan abuses YouTube to manage remote settings

A banking Trojan has been detected that abuses YouTube, Pastebin, and other public platforms in order to spread and control compromised machines.

On Friday, ESET wrapped up a series on banking Trojans present in Latin America — including Janeleiro, a new malware sample similar to Casbaneiro, Grandoreiro, and Mekotio — but this one does not just hit that region; instead, campaigns have been detected across Brazil, Mexico, and Spain.

In a blog post, the cybersecurity researchers said that the Trojan, named Numando, has been active since 2018. Written in Delphi, this financial malware displays fake overlay windows to dupe victims into submitting sensitive data, such as the credentials used to access financial services.

Read more…
Source: ZDNet