Zumanek is a malware categorized as a banking Remote Access Trojan (RAT). It was distributed in October 2020 targeting Latin American banking customers.
This malware is distributed through social engineering. In this, cybercriminals use phishing tactics to trick users into downloading and installing Zumanek in their systems without their consent. The primary purpose of Zumanek is to steal bank accounts and crypto wallet credentials.
Currently, the trojan has targeted users mainly in Brazil. Also, dropper (the 'executable' which downloads Zumanek) checks the system's geolocation, and if it is not Brazil, the trojan is not downloaded. Since the motivation of the cybercriminals is purely financial, the hijacked bank accounts and crypto wallets are likely misused for fraudulent online purchases, account transfers, etc. Thus, this infection might lead to significant financial loss to the users.
Indicators of Compromise
- RATs let attackers access file systems and operating system functions, leading to full control of the host system.
- It can deploy keyloggers to steal the credentials from the user.
- Crypto wallets can be misused by the threat actors for illicit transactions.
- By hijacking the host systems’ peripherals like camera, microphone etc, the malware can violate the user’s privacy.
- It can also make the host connect to a botnet and carry out attacks on other targets without the affected user’s consent.
- Download applications from trusted sources.
- Use spam filters and antivirus programs to detect and filter suspicious emails.
- Backup your data at regular intervals.
- Use a firewall, antivirus, or anti-malware software.
- Use strong passwords.
- Create awareness among users about such attacks.