Labs - Malware Analysis

The Brazilian banking trojan BasBanke spreads to other countries

Written by David Morán | Apr 15, 2020 2:16:42 PM

The BasBanke banking Trojan, also known as Coybot, is a Brazilian Trojan that we have already discussed in one of our posts.

When we first spoke about this banking trojan, in December 2019, we had found several new samples that affected Brazilian entities, but now, it has broadened its targets and is now active in other countries as well.

Today we are going to examine its operation in greater detail, taking advantage of the fact that in recent weeks this banking trojan has been active again, with a new campaign in which different samples have been found that now affect Latin American (especially Chilean) and Spanish entities.

Some of the latest samples detected

In the above image we can see some of the recent samples that we have detected and analyzed, which affect non-Brazilian entities for the first time. As we can see, there is everything from false applications that simulate being the entity's legitimate application to steal the data, to applications that have nothing to do with banking and that later try to steal the logon credentials for various entities.

Next we will examine how BasBanke banking trojan works in greater detail and what its new features are, beyond those related to the affected banks.

If you are interested in continuing to read the full report: