In April 2018, researchers first discovered the Metamorfo malware in various campaigns. The malware initially targeted Brazilian companies in the finance industry. Recently, a new campaign delivering the malware expanded its geographic range and added a keylogger function. The newest variant targets payment-card data and credentials at financial institutions with Windows platforms. Once executed, the malware kills the auto-suggest data entry in browsers, forcing every infected victim to type their password manually, which is tracked via a keylogger. The malware can also display messages that trick victims into handing over the two-factor authentication (2FA) codes commonly used for financial websites.
The new variant of Metamorfo is being spread through phishing emails. Because this and many other attacks begin with phishing, it is important for defenders to set up security training at their companies to teach employees how to spot a phishing email. Because it is so common for untrained employees to fall victim to this type of attack, a monitoring service such as Binary Defense’s Managed Detection and Response is a great way to find and mitigate attacks quickly. This new variant of the malware is spreading quickly and has encompassed a large geographic area. It is very possible that attacks will target the United States, and everyone, not only companies, should be aware of this type of attack. Personal computers should be scanned with anti-virus and kept up to date with security patches. More on Metamorfo can be found here: https://threatpost.com/metamorfo-variant-keylogger-financial/152640/