The Brazilian banking trojan BasBanke spreads to other countries

The BasBanke banking Trojan, also known as Coybot, is a Brazilian Trojan that we have already discussed in one of our posts.

When we first spoke about this banking trojan, in December 2019, we had found several new samples that affected Brazilian entities, but now, it has broadened its targets and is now active in other countries as well.

Today we are going to examine its operation in greater detail, taking advantage of the fact that in recent weeks this banking trojan has been active again, with a new campaign in which different samples have been found that now affect Latin American (especially Chilean) and Spanish entities.

Some of the latest samples detected

In the above image we can see some of the recent samples that we have detected and analyzed, which affect non-Brazilian entities for the first time. As we can see, there is everything from false applications that simulate being the entity's legitimate application to steal the data, to applications that have nothing to do with banking and that later try to steal the logon credentials for various entities.

Next we will examine how BasBanke banking trojan works in greater detail and what its new features are, beyond those related to the affected banks.

If you are interested in continuing to read the full report:


Report on BasBanke/Coybot banking trojan

BasBanke, also known as CoyBot, has been very active in recent weeks, in the form of new propagation campaigns for new samples in which it has not only supplanted other brands to make the user believe that it is a legitimate application, but has also impersonated to banking entities in specific versions that only affect said entities.

There have been no changes at a technical level with respect to past campaigns. However, the big news is the inclusion of new affected banking entities.


Posted by David García

In his more than 9-year professional career, he has been involved in multiple projects, the most important being in the fields of managed security, anti-fraud and ethical hacking services, and malware analysis. He has contributed his know-how and security-related improvements to a wide variety of fraud and vulnerability analysis products. He currently oversees the smooth running of our different products and researches current fraud developments in order to showcase buguroo overseas as well as providing the development department with feedback on the latest malware and cybercriminal trends.


We recommend you to read...

What did you think about this topic?

Leave your comments


Need to reduce fraud in your online banking?

Discover our holistic vision applied to online detection

Request demo