
PC Attackers TeleBots Targeting Ukrainian Banks

Security researchers from ESET detected an unusual malicious toolset that attackers apparently used to launch targeted cyberattacks, which wreaked havoc on top-ranked institutions in Ukraine's financial sector between July and December 2016.

According to the security firm ESET, it found a new gang, named TeleBots, whose modus operandi is similar to that of BlackEnergy. TeleBots was chiefly attacking Ukrainian banks, according to the company, dispatching spear-phishing e-mails containing malicious Excel documents to infect PCs. News.softpedia.com posted this on December 15, 2016.

The toolset contains several tools: a backdoor called Python/TeleBot.AA, password-grabbing tools that include a keylogger, a tool for LDAP queries, a BCS-server tool, the destructive KillDisk component, and more backdoors.

TeleBots uses spear-phishing e-mails with attached Microsoft Excel files that carry malicious macros for loading a harmful binary. These macros eventually pull down more malware, which plants the Python/TeleBot.AA backdoor, the key malicious program the attackers employ.

ESET explains that the Excel files arrive containing macros which, by default, pull down malware onto the attacked systems once they are executed. This lets the attackers spread the infection across the computers, infiltrate the entire shared network, steal passwords and documents, and extract a lot of information from the targeted PCs.

Once installed, the Python/TeleBot.AA Trojan abuses the Telegram Bot API of the Telegram Messenger app to communicate with the attackers. The security investigators detected at least one version of the Python backdoor that uses an outlook.com mailbox as its command-and-control system.
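One way a defender could look for this command-and-control channel in web-proxy logs, as an added example that is not from ESET or the original article. The five-field log format, the host names and the threshold are assumptions made for illustration; the check relies on the Bot API's public URL shape `https://api.telegram.org/bot<token>/<method>`.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (assumed format: time src_host verb target status).
SAMPLE_LOG = """\
2016-12-01T09:00:01 ws-014 CONNECT api.telegram.org:443 200
2016-12-01T09:00:31 ws-014 CONNECT api.telegram.org:443 200
2016-12-01T09:01:01 ws-014 CONNECT api.telegram.org:443 200
2016-12-01T09:01:10 ws-022 GET http://intranet.example/index.html 200
2016-12-01T09:02:00 srv-chatops GET https://api.telegram.org/bot123456:CONSTRUCTED-TOKEN/getUpdates 200
2016-12-01T09:02:05 ws-031 GET https://api.telegram.org/bot987654:CONSTRUCTED-TOKEN/sendDocument 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Full URLs are only visible when the proxy inspects TLS; the token is not captured.
BOT_URL_RE = re.compile(r"^https://api\.telegram\.org/bot[^/]+/(\w+)", re.I)
# Without TLS inspection the proxy sees only the CONNECT tunnel to the API host.
CONNECT_RE = re.compile(r"^api\.telegram\.org:443$", re.I)

def find_telegram_bot_clients(log_text, approved_hosts=(), connect_threshold=3):
    """Return {host: reason} for unapproved hosts that talk to the Telegram Bot API."""
    methods = defaultdict(set)   # host -> Bot API methods seen in full URLs
    connects = defaultdict(int)  # host -> number of CONNECT tunnels to the API host
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        _, host, verb, target, _ = m.groups()
        if host in approved_hosts:
            continue  # e.g. a sanctioned chat-ops server that runs a real bot
        bot = BOT_URL_RE.match(target)
        if bot:
            methods[host].add(bot.group(1))
        elif verb == "CONNECT" and CONNECT_RE.match(target):
            connects[host] += 1
    findings = {h: "bot API methods: " + ", ".join(sorted(s)) for h, s in methods.items()}
    for host, n in connects.items():
        # Repeated tunnels suggest polling rather than a one-off visit.
        if n >= connect_threshold and host not in findings:
            findings[host] = f"{n} CONNECTs to api.telegram.org"
    return findings

if __name__ == "__main__":
    for host, reason in find_telegram_bot_clients(SAMPLE_LOG, {"srv-chatops"}).items():
        print(host, "->", reason)
```

A workstation that reaches the Bot API endpoint at all is worth a look, since the desktop and mobile Telegram clients do not use the `/bot<token>/` URL path.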

Among the other tools in the toolset, the LDAP query component gathers all the information about the PCs and usernames catalogued in Active Directory, while the password-stealing tools collect saved passwords from various web browsers, namely Internet Explorer, Google Chrome, Opera, and Mozilla Firefox.

Finally, KillDisk plays its role during the attack's last stages, erasing vital system files and rendering PCs unbootable. The component also displays a logo taken from the "F Society" of the television program Mr. Robot to mock the victim.

» SPAMfighter News - 12/21/2016
