{"id":3767,"date":"2021-09-24T17:18:08","date_gmt":"2021-09-24T22:18:08","guid":{"rendered":"https:\/\/truxgoservers.com\/blog\/?p=3767"},"modified":"2021-09-24T17:18:55","modified_gmt":"2021-09-24T22:18:55","slug":"numando-new-banking-trojan-lurking-on-the-web","status":"publish","type":"post","link":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/","title":{"rendered":"Numando new Banking Trojan Lurking on the Web"},"content":{"rendered":"\n<p>The threat actor behind this malware family has been active since at least 2018. Like the other Latin American banking Trojans described in this series, Numando is written in Delphi and uses fake overlays to steal confidential information from its victims. Some variants of Numando store these images in an encrypted ZIP file within their .rsrc sections, while others use a separate <a href=\"https:\/\/www.embarcadero.com\/es\/products\/delphi\" target=\"_blank\" rel=\"noreferrer noopener\">Delphi<\/a> DLL for just this storage.<\/p>\n\n\n\n<p>Numando backdoor capabilities allow you to simulate mouse and keyboard actions, reboot and shut down the machine, display overlapping windows, take screenshots, and kill browser processes. However, unlike other Latin American banking Trojans, the commands are defined as numbers rather than strings, which inspired the way we decided to name this malware family.<\/p>\n\n\n\n<p>This financial malware displays fake overlays to trick victims into submitting sensitive data, such as credentials used to access financial services. As is the case with many variants of banking Trojans, Numando spreads almost &#8220;exclusively&#8221; through spam and phishing campaigns.<\/p>\n\n\n\n<p>Luckily for us, this threat lacks sophistication and the operator may have contributed to a low infection rate. In recent campaigns, the spam sent to distribute Numando consists of a phishing message and a .ZIP attachment included with the email, we must bear in mind that when it is downloaded, it downloads a decoy .ZIP file, along with a Actual .ZIP file containing a .CAB file, bundled with a legitimate software application, an injector, and the Trojan.<\/p>\n\n\n\n<p>It seems that unlike most other Latin American banking Trojans, numando shows no signs of continued development.You may see some minor changes from time to time, but in general binaries don&#8217;t tend to change much, we&#8217;ll see what happens. in the future with this Trojan.<\/p>\n\n\n\n<p>Other reads:<br><a href=\"https:\/\/truxgoservers.com\/blog\/cinobi-banking-trojan-targeting-users-in-japan\/\">Cinobi banking Trojan targeting users in Japan<\/a><br><a href=\"https:\/\/truxgoservers.com\/blog\/tetrade-family-of-banking-trojans\/\">Tetrade family of banking Trojans<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actor behind this malware family has been active since at least 2018. Like the other Latin American banking Trojans described in this series, Numando is written in Delphi and uses fake overlays to steal confidential information from its victims. Some variants of Numando store these images in an encrypted ZIP file within their [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3768,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[36,106],"class_list":["post-3767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-trojan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog<\/title>\n<meta name=\"description\" content=\"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/\" \/>\n<meta property=\"og:locale\" content=\"es_MX\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog\" \/>\n<meta property=\"og:description\" content=\"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........\" \/>\n<meta property=\"og:url\" content=\"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/\" \/>\n<meta property=\"og:site_name\" content=\"Truxgo Server Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-24T22:18:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-24T22:18:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Truxgo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Truxgo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/\"},\"author\":{\"name\":\"Truxgo\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/8b409c26449db6aa09724b45331e333e\"},\"headline\":\"Numando new Banking Trojan Lurking on the Web\",\"datePublished\":\"2021-09-24T22:18:08+00:00\",\"dateModified\":\"2021-09-24T22:18:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/\"},\"wordCount\":307,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Trojan.jpg\",\"keywords\":[\"Cybersecurity\",\"Trojan\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/\",\"name\":\"Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Trojan.jpg\",\"datePublished\":\"2021-09-24T22:18:08+00:00\",\"dateModified\":\"2021-09-24T22:18:55+00:00\",\"description\":\"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#primaryimage\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Trojan.jpg\",\"contentUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/09\\\/Trojan.jpg\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/numando-new-banking-trojan-lurking-on-the-web\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Numando new Banking Trojan Lurking on the Web\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\",\"name\":\"Truxgo Server Blog\",\"description\":\"Cloud Server and Hosting Tutorials.\",\"publisher\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#organization\",\"name\":\"Truxgo Server Blog\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/cropped-truxgo-logo-blanco.png\",\"contentUrl\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/cropped-truxgo-logo-blanco.png\",\"width\":1250,\"height\":278,\"caption\":\"Truxgo Server Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/#\\\/schema\\\/person\\\/8b409c26449db6aa09724b45331e333e\",\"name\":\"Truxgo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g\",\"caption\":\"Truxgo\"},\"sameAs\":[\"https:\\\/\\\/truxgoservers.com\\\/blog\"],\"url\":\"https:\\\/\\\/truxgoservers.com\\\/blog\\\/author\\\/truxgo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog","description":"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/","og_locale":"es_MX","og_type":"article","og_title":"Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog","og_description":"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........","og_url":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/","og_site_name":"Truxgo Server Blog","article_published_time":"2021-09-24T22:18:08+00:00","article_modified_time":"2021-09-24T22:18:55+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg","type":"image\/jpeg"}],"author":"Truxgo","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Truxgo","Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#article","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/"},"author":{"name":"Truxgo","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e"},"headline":"Numando new Banking Trojan Lurking on the Web","datePublished":"2021-09-24T22:18:08+00:00","dateModified":"2021-09-24T22:18:55+00:00","mainEntityOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/"},"wordCount":307,"commentCount":0,"publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg","keywords":["Cybersecurity","Trojan"],"articleSection":["Cybersecurity"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/","url":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/","name":"Numando new Banking Trojan Lurking on the Web - Truxgo Server Blog","isPartOf":{"@id":"https:\/\/truxgoservers.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#primaryimage"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#primaryimage"},"thumbnailUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg","datePublished":"2021-09-24T22:18:08+00:00","dateModified":"2021-09-24T22:18:55+00:00","description":"We know that the internet is not safe with many threats that we can find and today we will see one of those called Numando........","breadcrumb":{"@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#primaryimage","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2021\/09\/Trojan.jpg","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/truxgoservers.com\/blog\/numando-new-banking-trojan-lurking-on-the-web\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/truxgoservers.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Numando new Banking Trojan Lurking on the Web"}]},{"@type":"WebSite","@id":"https:\/\/truxgoservers.com\/blog\/#website","url":"https:\/\/truxgoservers.com\/blog\/","name":"Truxgo Server Blog","description":"Cloud Server and Hosting Tutorials.","publisher":{"@id":"https:\/\/truxgoservers.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/truxgoservers.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/truxgoservers.com\/blog\/#organization","name":"Truxgo Server Blog","url":"https:\/\/truxgoservers.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","contentUrl":"https:\/\/truxgoservers.com\/blog\/wp-content\/uploads\/2020\/08\/cropped-truxgo-logo-blanco.png","width":1250,"height":278,"caption":"Truxgo Server Blog"},"image":{"@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/truxgoservers.com\/blog\/#\/schema\/person\/8b409c26449db6aa09724b45331e333e","name":"Truxgo","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/52691a61c58e68677ed4860007c1bb03b14eabe7350747ab3fad3e17825b4b96?s=96&d=mm&r=g","caption":"Truxgo"},"sameAs":["https:\/\/truxgoservers.com\/blog"],"url":"https:\/\/truxgoservers.com\/blog\/author\/truxgo\/"}]}},"_links":{"self":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/comments?post=3767"}],"version-history":[{"count":3,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3767\/revisions"}],"predecessor-version":[{"id":3788,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/posts\/3767\/revisions\/3788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media\/3768"}],"wp:attachment":[{"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/media?parent=3767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/categories?post=3767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/truxgoservers.com\/blog\/wp-json\/wp\/v2\/tags?post=3767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}