Medium
Financial malware Metamorfo is back with a new variant with added technique of forcing victims to retype passwords into their systems which it tracks via a keylogger. Researchers found a new spate of phishing emails targeting users and distributing new variant of Metamorfo malware. Metamorfo was seen targeting Brazilian financial firms and now it’s expanding it’s geographic range.
This newest variant, which targets payment-card data and credentials at financial institutions with Windows platforms, packs a new trick up its sleeve. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger.
The infection is caused through a phishing emails and that distribute a ZIP archive containing an MSI file (named “view-(AVISO)2020.msi”). Researchers inspected this MSI file’s stream (a sequence of bytes written to files, giving more information about their attributes) and found JavaScript code mixed in with a wide swath of garbage strings.
File name
view-(AVISO)2020.msi