It has been reported that the Metamorfo banking Trojan has expanded its campaign to target online users’ banking services around the world, with the aim of stealing credit card information, finances and other personal details. Like many other hacking campaigns, Metamorfo begins with phishing emails that in this case claim to contain information about an invoice and invite the user to download a .ZIP file. By downloading and running the file, the victim allows Metamorfo to execute and run on a Windows machine.
Commenting on this, Justin Fox, director of DevOps engineering at NuData Security, a Mastercard company, said “Banks and consumers are under continuous attacks by cybercriminals that will try to find any crack in defences to track and step in the middle between consumers and banks. While banks are employing various technologies to identify the true customer online, they just can’t protect them when hackers target consumers. Experts advise never to click on an attachment sent to you, but time and again cybercriminals come up with the most sophisticated method to trick the end user into clicking. From the moment a user receives the malicious email in their inbox, the clock is ticking – most users will click on links and provide their information, or open a malware infected document without thinking twice. Once they do, their credentials are immediately harvested for hackers to leverage or sell on the Dark Web. Educating end users is clearly not enough, nor is the deployment of technical countermeasures to protect end users.”