Crypto, forex exchange Israeli fintech organizations targeted with Cardinal RAT

Palo Alto Networks the cyber-security company in its March 19 publication through its threat research wing Unit 42 states that a particular malware is targeting Israeli fintech firms which specialize in crypto and forex trading.

At first, Unit 42, in 2017, uncovered Cardinal RAT when it associated the remote access trojan (RAT) with the Carp downloader which exploited macros within Excel files of Microsoft Office. The RAT, over the period 2016-17, had been actively lurking, managing to remain undetected because of its limited number campaigns.

Features that describe Cardinal RAT's capabilities are updating settings, garnering victim information, recovering passwords, executing commands, behaving like reverse proxy, capturing screenshots, keylogging, pulling down new files online and running them, and more.

Cardinal RAT possibly bears a correlation with the EVILNUM malware that's JavaScript-based, so discovered Palo Alto. This correlation is utilized within assaults targeted on similar organizations. At the time Unit 42 was examining files that a single customer submitted to Cardinal variants within the same timeframe, Unit 42 detected EVILNUM instances too. Cointelegraph.com posted this, March 19, 2019.

EVILNUM's first objective is to give its perpetrator data regarding hosts it compromises after which the second-phase malicious program is loaded. Nonetheless, some additional features of the malicious program of January 2019 variant comprises capturing local cookies and taking screenshots, thus reports Palo Alto.

Moreover, Unit 42 observes that although EVILNUM and Cardinal may be related, they have certain differences too with respect to their infrastructures, delivery methods and geographic distributions.

Additionally, the two malware groups' targeting interests are same, therefore such targets being fintech firms the latter need make sure they're safeguarded from the malware samples. And though a detail insight is absent regarding the activities of the attackers after they efficaciously enter a host network, it is possible they then help enable financial gain.

One tricky browser extension of Google Chrome is making Internauts take part within certain false airdrop from Huobi trader of crypto-currency that amassed 200+ victims. It is further reported that online criminals currently adopt approaches that are devoid of haste during attacks related to financial benefits, and mining for crypto-currencies is the main example.

» SPAMfighter News - 3/26/2019