Cabassous is a modular banking trojan that can be customized to target specific banks and financial institutions. It is typically distributed through SMS phishing messages that contain a malicious link. Once the link is clicked, the trojan is installed on the victim’s device. The trojan then uses the overlay attack technique to prompt users to enter their login credentials.
Cabassous can steal sensitive information from mobile banking apps, including account credentials, transaction history, contact information, and device information. It can also intercept push notifications from mobile banking apps, allowing the malware to respond to these notifications and trick the victim into entering their credentials.
Apps of almost 15 banks were targeted, including Bankinter, ING España, and Santander. This malware was first discovered in January 2021. Subsequently, a new variant was identified that was named FluBot.
Once the target device was breached, the malware took numerous steps, including sending and receiving SMS messages, spamming contacts in the contact database and stealing those contact details, and even disabling Google Play Protect.
The Cabassous trojan also employs several other novel capabilities:
- The code hides the app icon from the operating system’s launcher so the app remains undetected by users.
- Attackers used a domain generation algorithm to select the command-and-control server address, which helps evade detection.
- This trojan was primarily focused on banking and cryptocurrency apps of Spanish customers.
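On the detection side, a device running a domain generation algorithm tends to query many random-looking names, most of which fail to resolve. The following is an added example, not code from the original page and not Cabassous's actual algorithm: a heuristic that flags such clients in resolver logs. The log format, thresholds, and sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<client_ip> <query_name> <rcode>".
# All names use the reserved .example TLD; none is a real indicator.
SAMPLE_LOG = """\
10.0.0.5 www.bank.example NOERROR
10.0.0.5 typo-examplle.example NXDOMAIN
10.0.0.7 xkqjwpzrtmvhbnd.example NXDOMAIN
10.0.0.7 qzvbtrmxkwpljhg.example NXDOMAIN
10.0.0.7 pwlkzxqvbnmtrjh.example NXDOMAIN
10.0.0.7 mtbxqzwkrvplhjn.example NOERROR
"""

def shannon_entropy(text):
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def looks_generated(label, min_len=12, min_entropy=3.5, max_vowel_ratio=0.3):
    """Heuristic: long, high-entropy, vowel-poor labels look machine-made."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def suspicious_clients(log_text, min_hits=3):
    """Return {client: [names]} for clients with >= min_hits distinct
    generated-looking names that failed to resolve (NXDOMAIN)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, qname, rcode = fields
        labels = qname.rstrip(".").lower().split(".")
        # labels[-2] is a simplification; use a public-suffix list in production.
        if len(labels) >= 2 and rcode == "NXDOMAIN" and looks_generated(labels[-2]):
            hits[client].add(qname)
    return {c: sorted(names) for c, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, names)
```

Requiring several distinct failed lookups per client keeps a single mistyped or unusual domain from raising an alert.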
As a mobile banking app developer, you can take several steps to protect your app from Cabassous:
- Use a security scanner to scan your app for vulnerabilities.
- Implement security features such as two-factor authentication and fraud detection.
- Educate your users about the dangers of phishing attacks and how to protect themselves.
These steps can help protect your mobile banking app from Cabassous and other banking trojans.
Learn More about Banking Trojan Families
Cabassous is one of the principal families of banking trojans threatening mobile banking and financial apps. Learn more about other prominent banking trojan families:
- Medusa Trojan
- Cerberus Trojan