Financial Institutions in Irvine Need IT Support Against the Metamorfo Banking Trojan - Managed IT Services Los Angeles
Irvine IT support

Irvine banking businesses seeking IT support should go a step further to ensure that their systems are fortified from malware. Cybercriminals are continuously launching new malware that targets companies and other institutions. In April 2018, cyber researchers identified new variants of the Metamorfo malware, that were used to launch multiple campaigns. These attacks were made in almost similar fashion but with small “morphing” differences that gave the malware its name. Metamorfo is a windows malware family that targets the customer base of online financial firms. The variants also target online banking users in countries like Brazil, the US, Ecuador, Canada, and Mexico.


Irvine IT support experts can help you set up the necessary virtual infrastructure to protect your systems, but this may not be enough if your employees do not practice prevention measures. This malware uses phishing emails as its infection strategy. Users are baited into clicking an URL that directs them to a cloud storage website. They will be subsequently prompted to download a ZIP file, which, once extracted, will be activated on the computer. The file uses a ‘legitimate’ Windows executable to trick users into executing the file.

Cybercriminals use content that the user might expect. Users can, for example, receive a notification that they have received an invoice.

The trojan will run a security bypass module once it infects a computer. It will shut down any running processes of security engines and applications that can interrupt its actions. The victim will continue to browse unknowingly since they will be no security alarms raised.

A Very Resilient Trojan

Once activated, the trojan terminates all running browsers, including Google Chrome and Mozilla Firefox. It also modifies several registry keys to prevent new browser windows from utilizing auto-suggest and auto-complete in data entry fields. The users will be prompted to retype their passwords and other credentials.

The malware embarks on data harvesting, where it determines the user’s identity by collecting personal information like telephone number and name. The harvested data is then used to optimize the attack campaigns.

Metamorfo includes a function that monitors various keywords linked to targeted financial institutions. The criminals can, therefore, be notified in real-time when a user is trying to access online banking services. The malware will also automatically hijack the victim’s credentials when it detects a compatible application.

Can the Metamorfo Malware Be Removed?

The Metamorfo malware is especially malicious since the criminals behind it have made it difficult to remove. It can be updated to make use of stealth protection, where it is protected from anti-virus programs and other monitoring systems.

The malware uses codes that are compatible with popular browsers like Google Chrome and Internet Explorer. In addition to account credentials, the malware will record bookmarks, history, and cookies.

The trojan will then be configured as a persistent virus, which means that it will automatically set up every time the machine boots. Removing the Metamorfo will be complicated if it discourages users from listing it in the boot recovery menu.

To remove the malware, you will need to isolate and delete it. An IT support provider in Irvine can do automatic removal through an anti-malware scan and specific software if manual removal is compromised.

Are Your Systems Safe from Metamorfo?

Cybercriminals have gotten smarter and their highly-personalized campaigns continue to compromise people’s online data. At Advance Networks, the first thing our Irvine IT support firm recommend is regular training for employees as part of dedicated IT support. The Metamorfo trojan baits users via emails, and your staff are, therefore, the first line of defense from malware attacks. You can contact us for more comprehensive actions against cybercriminals.

Comments are closed.

Contact Us Today

Front Page Form