Tech giant IBM is warning of a new cyberattack campaign that traps bank customers inside a fake web browser while attackers view their transactions in real time.
Senior threat analyst at IBM Trusteer he says the campaign is called OverlordMX and was announced in March 2026 targeting financial institutions in Latin America.
IBM says that OverlordMX is an automated “man-in-the-browser” trojan. Unlike most banking trojans, IBM says the malware puts a Spanish-speaking person at the center of the attack, monitoring each bank’s behavior.
The attack begins when a malicious script injects hidden information into the victim’s browser. IBM says the script tracks the latest URL and browser information every three seconds and checks for new commands from the attacker.
When the victim reaches a critical point, such as a login page, a transaction block or a one-time password, the attacker can launch a fake bank account overlay. IBM says that the screen can’t be removed by normal actions, without the lock button and trying to press ESC or click out of the window.
These screens can collect names, phone numbers, emails, notifications, one-time passwords and more. IBM says that one screen also prompts victims to download Remote Utilities Host, a legitimate remote utility that is often misused by the attacker as a remote access trojan.
Once installed, IBM says the user can monitor the victim’s device, manage the banking session, accept fraudulent transfers and change account settings. IBM says the stolen funds are transferred to mule accounts where the victim has a cover.
The company says the delivery method for the campaign has not yet been determined.
Follow us X, Facebook and Telegram
Don’t Miss Out – Sign up to receive email notifications straight to your inbox
Swimming The Daily Hodl Mix
 
Disclaimer: The views expressed in Daily Hodl are not financial advice. Investors should do their due diligence before making any risky investments in Bitcoin, cryptocurrency or digital assets. Please note that your transfers and transactions are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend buying or selling any assets including cryptocurrencies, nor is The Daily Hodl a financial advisor. Please note that The Daily Hodl participates in affiliate marketing.
Image Created: Midjourney
