top of page
  • Admin

New Trojan In U.S. Takes Banking Theft To New Level

Published: June 4, 2020 on our newsletter Security Fraud News & Alerts Newsletter.

A new Trojan virus named Metamorfo is now in the U.S. after making its way from Canada and South America, where its known as Casbaneiro. The goal of this banking Trojan is to steal sensitive and confidential information from individuals and corporations, then use that data to fraudulently generate revenue. Metamorfo uses a myriad of ways to access all types of user accounts. And the more personally identifiable information (PII) it’s able to steal, the more damage it can do. Once in a system, the banking Trojan hijacks PII to commit extortion, make fraudulent purchases, launder money, and a host of other illegal activity.

Below are some of Metamorfo’s characteristics, including how it takes hold of a device through email phishing.

Threat Type

Metamorfo is a Malware Trojan, Banking malware, Password-stealing virus, Spyware. It also operates as a remote access tool (RAT) that performs various tasks from the hacker’s remote location.

How It Works

Metamorfo enters through phishing emails with infected attachments or from browsing through compromised websites. The emails appear to be from trusted sources like banks and other valuable accounts, typically telling users that important account data must be verified. In order to verify your data or solve a “problem with an account,” the attachment needs to be opened. Once done, Metamorfo gets to work without giving any clues or symptoms to a victim that it’s on their device. Once on the loose, Metamorfo deploys a number of info-stealing tools:

  • Takes screenshots of anything visible on a device screen, including web pages with PII and other sensitive information.

  • Keystroking or keylogging records every digit entered on a keyboard. That includes account numbers, logins and passwords, social networking information, emails, contacts, banking data, and more.

Damage Done

  • Proliferates malware, makes fraudulent purchases and transactions, extortion, money laundering and much more.

  • Once in a system, Metamorfo can become even more sophisticated and damaging. This Trojan malware can even update itself with increased destructive abilities.

Preventing an Attack

Beware emails, even those appearing to be from a trusted source. Check the source and address of the sender, paying particular attention to any attachments or downloads it contains. Using a phone to verify the sender is legitimate, even if it appears to be from someone you know and trust, takes only seconds. It can also prevent an infection that’s long and injurious.

  • Keep system software up-to-date and apply security patches as soon as available.

  • Have anti-virus software installed and run it regularly.

Want to schedule a conversation? Please email us at


bottom of page