According to a recent report by Unit 42, the threat research team at Palo Alto Networks, Israeli fintech firms that build forex and cryptocurrency trading software are being targeted with malware.
According to the report, Unit 42 first documented an older version of the malware, named 'Cardinal RAT', in April 2017. Since then, Unit 42 has observed attacks using the malware against two Israel-based fintech firms that develop forex and cryptocurrency trading software. The malware is a RAT (Remote Access Trojan), which allows attackers to remotely control compromised systems without authorisation.
The updates applied to the malware aim to evade detection and hinder analysis. After describing the obfuscation techniques used by the new version, the researchers noted that the payload itself has not changed much in terms of its modus operandi or capabilities.
The malware's capabilities include gathering victim information, updating its settings, acting as a reverse proxy, executing commands, and uninstalling itself. It can also recover passwords, download and execute files, log keystrokes, capture screenshots, update itself, and clean cookies from browsers. Unit 42 added that it observed this malware deployed in attacks against fintech firms engaged in forex and cryptocurrency trading, based in Israel.
The post further notes that this malware appears to be employed solely in attacks against fintech organisations. Researching the data further, the firm found another case in which an organisation submitted both EVILNUM and Cardinal RAT samples on the same day, which is especially noteworthy since both malware families are very rare.
EVILNUM is reportedly capable of establishing persistence on the system, running arbitrary commands, downloading files, and taking screenshots.
As reported by EtherDesk earlier, a Google Chrome browser extension that tricked users into participating in a fake airdrop from the cryptocurrency exchange 'Huobi' claimed over two hundred victims.
Moreover, another report last week revealed that cybercriminals are reportedly favouring slower, more patient approaches in attacks made for monetary gain, with 'cryptojacking' as a prime example of this shift.