New Version of Infamous Carbanak Trojan Found in the Wild - CSIS

Securityweek.com reported on 3rd September, 2015 stating that a new version of the infamous Carbanak Trojan which is also known as Anunak has been discovered in the wild by researchers of Denmark based CSIS Security Group.

Carbanak has been in employment for many years now and security pundits of Kaspersky revealed the details of a massive Carbanak operation early this year which took banks for almost 1 USD Billion. That campaign targeted banks directly instead of end users. The attacks begin with spearphishing email notifications containing attachments with Carbanak backdoor. Carbanak gave scammers remote control of the compromised machine and they employed that as a foothold on the network of the bank and then robbed money in many different manner.

Now, researchers of CSIS say that they have seen fresh variants of Carbanak having some distinctive characteristics. The folder in which Carbanak installs itself and the filename used by it are both stagnant and the Trojan injects itself into the svchost.exe process as a way to secrete itself.

Threatpost.com published news on 3rd September, 2015 quoting a comment of Peter Kruse, Partner and E-crime Specialist of CSIS, as "Just recently, CSIS conducted a forensic analysis concerning a client of Microsoft Windows which was hijacked in trying to conduct phony online banking transactions. As a part of the forensic task, CSIS succeeded to separate a signed binary which we later recognized as a new sample of Carbanak."

The new Carbanak also uses random files and mutexes. The Trojan depends on predefined IP addresses instead of domains using a new proprietary protocol for communicating command and control (C&C). CSIS said that one of the new samples has been communicating with a C&C server hosted by a popular bulletproof hosting firm.

Securityweek.com published news on 3rd September, 2015 quoting Kruse as explaining "We define Carbanak as an economic APT. By temperament, it is most targeted and being installed in small numbers. Like this, it inclines to move under the radar. We have detected minimum 4 different new editions of Carbanak targeting chief financial personnel in big international businesses."

» SPAMfighter News - 9/18/2015