It’s called Metamorfo, and it’s a very powerful malware capable of stealing the banking details of the unfortunate. Metamorfo has been the subject of an analysis by Bitdefender, which has revealed how the virus acts and infects devices.
Metamorfo was first detected in Brazil in 2018, but it seems that its spread didn’t stop in Latin America.
How does the Metamorfo malware work
According to researchers, the malware uses the Dynamic-Link Library (DLL) hijacking technique. The malware basically manages to hide on the computer by forcing an application to execute a third-party code by exchanging a library for a malicious one.
Metamorfo thus manages to look like a completely legitimate application. The problem is that companies often do not have adequate protection systems in place to detect that an application that looks legitimate and carries a certificate of authenticity actually contains potentially malicious malware.
In addition, Metamorfo acts by locating its files in subfolders with random names and unusual extensions.
According to Bitdefender, software components owned by Avira, AVG and Avast, Daemon Tools, Steam and NVIDIA were affected by the attack. All of these companies have fixed their vulnerabilities. But to avoid the attack, the affected companies are required to blacklist vulnerable components with the operating system vendor and revoke the certificate used to sign the components in question.
What does Metamorfo do
Metamorfo steals banking details. In one of its variants it targets payment cards, in particular, it resets completed fields and the autocomplete function, forcing victims to re-enter data, including passwords, which it then manages to trace and steal.
In its more sophisticated versions, the malware even manages to send a message to the victim with a code that allows the two-factor authentication obstacle to be overcome.
It is clear that the virus is well designed and can therefore be very dangerous.
How to stay protected
Computer scams and malware are becoming increasingly sophisticated and difficult to detect. A similar case is that of the Spyware Agent Tesla, also investigated by Bitdefender, which exploited the technique of spear phishing, with emails difficult to identify as fake.
It is worth remembering some advice to avoid running into malware and similar problems:
- Pay attention to the source addresses of the emails;
- Watch out for downloaded files;
- Do not click on links sent from suspicious sources
- Beware of appearances;
- Have adequate protection systems in place.