Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:57:34 UTC
Home > List all groups > List all tools > List all groups using tool CamuBot
 Tool: CamuBot
Names CamuBot
Category Malware
Type Banking trojan, Credential stealer
Description
(IBM) Unlike other malware operated in Brazil, CamuBot is a defined new code. Very
different from typical banking Trojans, CamuBot does not hide its deployment. On the
contrary, it is very visible, using bank logos and overall brand imaging to appear like a
security application. It thus gains victims’ trust and leads them to install it without
realizing they are running an installation wizard for a Trojan horse.
CamuBot is more sophisticated than the remote-overlay type malware commonly used in
fraud schemes targeting users in Brazil. Instead of simplistic fake screens and a remote
access tool, CamuBot tactics resemble those used by Eastern European-made malware
such as TrickBot, Dridex and QakBot, each of which focuses on business banking and
blends social engineering with malware-assisted account and device takeover.
Information
Malpedia AlienVault OTX Last change to this tool card: 24 May 2020
Download this tool card in JSON format
All groups using tool CamuBot
Changed Name Country Observed
Unknown groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8
Page 1 of 2

_[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8
Page 2 of 2