New Malware Mangit Surfaces as Banking-Trojan-as-a-Service

Discussion in 'malware problems & news' started by itman, Jun 21, 2016.

  1. itman

    itman Registered Member

    Jun 22, 2010
    One nasty banking Trojan; especially if it expands out of Brazil.

    Mangit targets only nine Brazilian banks

    Ric's Mangit malware comes with support for nine Brazilian banks, namely Citibank, BB, Sicredi, Sicoob, Itau, HSBC, Bradesco, Santander, and Caixa. Additionally, Mangit can also harvest user credentials for PayPal accounts and various social media services.

    Mangit is a crossbreed between banking malware and RATs

    Criminals can receive SMS alerts on their phones whenever a user is trying to access their bank account, and the crook can take over the victim's browser.

    The attacker can lock the user's browser page, asking users to wait, while they access the bank account and make illegal transactions. If the bank uses two-factor authentication or transaction verification codes, crooks employ Mangit to push browser popups in real time, asking users for the codes they just received on their phones.

    "This ability to carry out transactions from the victim’s machine remotely makes detecting fraud more difficult," Trend Micro's team writes. "Without an in-depth examination of the user’s system, it will appear that any transactions were carried out from the user’s PC (and therefore, by the actual client)."