Israeli fintech organizations in crypto and forex trading targeted with Cardinal RAT
Palo Alto Networks, the cyber-security company, states in a March 19 publication through its threat research wing Unit 42 that a particular malware is targeting Israeli fintech firms that specialize in crypto and forex trading.
Unit 42 first uncovered Cardinal RAT in 2017, when it associated the remote access trojan (RAT) with the Carp downloader, which exploited macros within Microsoft Office Excel files. The RAT had been active over the period 2016-17, managing to remain undetected because of its limited number of campaigns.
Cardinal RAT's capabilities include updating settings, gathering victim information, recovering passwords, executing commands, acting as a reverse proxy, capturing screenshots, keylogging, downloading new files and running them, and more.
EVILNUM's first objective is to give its operator data about the hosts it compromises, after which the second-phase malicious program is loaded. Palo Alto reports that the January 2019 variant of the malicious program has some additional features, including capturing local cookies and taking screenshots.
Moreover, Unit 42 observes that although EVILNUM and Cardinal may be related, they also differ in their infrastructure, delivery methods and geographic distribution.
Additionally, the two malware families have the same targeting interests, so fintech firms, being those targets, need to make sure they are safeguarded against the malware samples. And although detailed insight is absent into the attackers' activities after they successfully enter a host network, it is possible that they then use the access to help enable financial gain.
One deceptive Google Chrome browser extension is drawing Internet users into a false airdrop from the cryptocurrency trader Huobi that amassed 200+ victims. It is further reported that online criminals currently adopt unhurried approaches in financially motivated attacks, with cryptocurrency mining the main example.
SPAMfighter News - 26-03-2019