Trojan

Casbaneiro

First seen: 2018 • Status: active

Currently Active Threat

Casbaneiro hides its attack instructions in YouTube descriptions while stealing from banks and crypto wallets.

Overview

Casbaneiro is a Latin American banking trojan that also targets cryptocurrency users. It uses YouTube for C2 domain retrieval and targets both banks and crypto exchanges.

Also Known As

Metamorfo, Ponteiro

How It Spreads

  • Malspam
  • Fake software
  • Compromised sites

What It Does

  • Banking credential theft
  • Cryptocurrency theft
  • YouTube-based C2
  • Clipboard manipulation

Target Platforms

Windows

Detection Tips

  • Monitor for YouTube C2 patterns
  • Check for clipboard manipulation
  • Analyze banking overlay indicators
  • Review crypto wallet access

MITRE ATT&CK Techniques

T1566, T1185, T1102, T1115

If You're Infected

  1. Remove Casbaneiro
  2. Reset banking and crypto credentials
  3. Move crypto to new wallets
  4. Review recent transactions

Related Malware

Grandoreiro, Mekotio, Chaes
