Malware
27.7.2021
8:30 am

Janeleiro.mx Threat Briefing

By Jesus Dominguez of the Offensive Security Team, Ocelot

Synopsis

Banks have traditionally been a very attractive target for attackers, as they represent the possibility of instant money. However, thanks to regulations such as PCI (Payment Card Industry) that strengthen the security controls protecting bank accounts, criminals are looking for other attack vectors with fewer restrictions. One of them is to compromise the weakest link, the cardholders, with a strategy based on tricking them into handing over their online banking credentials and, with them, control of their bank accounts.

Since January 2021, Ocelot has been monitoring a new variant of the Janeleiro banking trojan, known for targeting banking users in Brazil. This new campaign targets users of the online platforms of Mexican banks, as well as users of Bitso (a platform for buying and selling cryptocurrencies based in the same country), which is why it was named Janeleiro.mx.

The method the attackers use to implant this malware on their victims' machines is targeted emails, known as spear phishing, which download the new Janeleiro.mx variant from legitimate but compromised websites. Once the malware is on the computer, it monitors the victim's browser, waiting for them to connect to a Mexican online bank, and then generates fake pop-up windows that imitate legitimate forms from the leading Mexican banks. The objective of the fake forms is to trick victims into entering their banking credentials and personal information, and thus to gain unauthorized access to their bank accounts.

Previously, cybercrime was characterized as an activity carried out individually. New research now points to possible collaboration between cybercriminals from different regions, who have broken down time-zone and language barriers in order to establish close cooperation and boost the development of malicious tools. Therefore, cooperation in research and intelligence is also critical in dealing with cybercriminal groups.

In this regard, and due to the continuous activity of the campaign in Mexico and the number of people who are exposed, Metabase Q and Ocelot have decided to share the results of the research, hoping that it will help prevent future infections by the malicious group.

We encourage organizations to strengthen their threat monitoring, detection and eradication skills by proactively simulating ransomware and other malware in their organization through our APT (Advanced Persistent Threats) Simulation service.

To learn more about Janeleiro.mx, as well as its tactics, techniques and procedures, you can download the full report.


Protection recommendations

  • Stay up to date. Make sure computers, mobile devices and applications are updated with the latest patches and updates available.
  • Stay secure. Validate that your computer and mobile devices are protected against viruses (malware), and that the configuration of the Operating System and applications is secure.
  • Stay informed. Ensure your financial services notify you of charges and transactions, and keep track of expenses and of changes made to the banking service.
  • If it's suspicious, it's dangerous. Be alert to the arrival of unsolicited content, as well as abnormal events in the personal and/or business context. Cybercriminals continuously alternate the communication channel and/or medium to scam their victims into delivering sensitive information.
    • Phone calls
    • Text messages (SMS)
    • Emails
    • Internet browsing
  • Verify before acting. If you suspect your account may have been compromised, stay calm and validate the movements directly with the financial service provider through the channels available to you.
    • Last recognized charge
    • Last successful access
  • Additional protection. Most financial institutions have additional protection tools available for download. We recommend the use of these tools, considering, however, that they are not a substitute for traditional antivirus.
  • Do not store information. Nowadays, it is common to find Excel, Word or Notepad files on computers with conspicuous names such as "Banking passwords" or "Electronic banking accesses". This makes it easy for attackers to locate sensitive information. If you cannot memorize this data, do not keep it in plain sight and use inconspicuous names when saving it.
  • Control of your PC. If you notice that you no longer have control of your computer (files open and close on their own, it turns off or restarts, programs change or tasks switch without your input), someone else is likely controlling it. Do not enter sensitive information if you believe this may be the case.
  • Use only one computer. Always use a single computer to access your banking services. Do not access your accounts from computers that you do not know or that are shared by several people, since malware could have been downloaded or installed on them without anyone realizing it.
  • Public networks. If you are going to access your banking portal, do it from a reliable network. Do not use public wireless networks without a password for this purpose, as this may compromise your information.
  • Continuous and timely communication. Maintain agnostic and continuous awareness of threats to information security, digital hygiene, and the mechanisms available for validating charges.
  • Risk in the context of fraud prevention. Consider monitoring and tracking risk events representing business rules, identity, and user trust in each banking channel.
  • 360º visibility of risks. Profile the risks in user activities considering the activities they perform in all the channels with which they interact.
  • Fraud changes and evolution. Evaluate the need to learn from the user activities and the context of the channel, product and/or service, vs. time-based learning. Consider capabilities in engines that facilitate fraud recognition, using supervised and unsupervised learning.
  • Base protection of channels and digital banking. Standardize the detection of, and response to, intrusions directed at the applications, infrastructure and/or network of the banking channels.
  • Secure transactions from end-to-end. Identify and monitor transactions in an integral manner, covering the client's request, the execution and status of the internal processes that serve that request, and the outcome of the resulting transaction. This significantly facilitates the identification of, and response to, attacks that occur within the infrastructure of the banking channels and/or through abuse of internal processes.
  • Integral Cybersecurity and Fraud Prevention Strategy. Take advantage of business, cybersecurity, and fraud prevention variables to plan and improve protection cases for banking channels.