Israeli Fintech Firms Targeted by Cardinal RAT Malware
According to a blog post published on March 19 by Unit 42, the threat research department of cyber security company Palo Alto Networks, an upgraded version of the Cardinal RAT malware is targeting Israeli fintech companies that work with forex and crypto trading.
Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. Per the report, Unit 42 first encountered an older version of the malware in question. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.
The updated malware hinders analysis and evades detection. The researchers explain the complicated techniques employed by the malware, though the payload does not vary significantly from the original in terms of modus operandi or capabilities.
The malware acts as a reverse proxy and collects victim data, executes commands, updates its settings, and even uninstalls itself. It also recovers passwords, logs keypresses, downloads and executes files, captures screenshots, updates itself and cleans cookies from browsers. Unit 42 noted that the malware attacks target those engaged in forex and crypto trading and based in Israel.
The research team also found a case where an organization submitted both EVILNUM and Cardinal RAT on the same day, which is particularly noteworthy since both come from the same malware family and are rare.
EVILNUM is reportedly capable of running arbitrary commands, downloading additional files, taking screenshots, and setting itself up to persist on the system.
As Cointelegraph recently reported, a Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims.
It is also worth noting that cybercriminals are favoring easy-going approaches in attacks made for financial gain, with cryptojacking as a prime example of this shift.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.