This banking malware just returned with new sneaky tricks to steal your data

March 12, 2019

A new variant of an infamous banking Trojan malware with a history going back over ten years has emerged with new tactics to ensure it’s harder to detect. The malware aims to hunt out financial information, usernames, passwords and other sensitive data.

The Ursnif banking Trojan is one of the most popular forms of information-stealing malware targeting Windows PCs, and it has existed in one form or another since at least 2007, when its code first emerged in the Gozi banking Trojan.

It has become highly popular in recent years after the source code was leaked to GitHub, allowing cyber criminals across the world to take it and add new features to the malware.

Now researchers at security company Cybereason have uncovered a new, previously undocumented version of Ursnif which applies different, stealthier infection tactics than other campaigns.

This includes what researchers refer to as “last minute persistence” – a means of installing the malicious payload which tries to ensure a lower chance of being uncovered.

“The ‘last minute persistence’ is a very clever and stealthy mechanism, where the malware will write its persistence key and files just before the system shuts down, so it’s not present on the disk for more than a few seconds while the machine is turned on,” said Assaf Dahan, senior director of threat hunting at Cybereason.

Only when the user logs on again is Ursnif run and injected, before the registry keys and malware installation files are deleted, with the aim of giving security software little chance of discovering it.
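The write-before-shutdown, delete-after-logon pattern described above can be hunted for by correlating registry changes with shutdown and logon events. The following is an added example, not code from Cybereason or the original article; the event field layout, the time windows and the choice of the `Run` autorun key are assumptions, and the timeline is constructed sample data.

```python
from datetime import datetime, timedelta

# Assumption: the persistence entry is an autorun value under a Run key.
# The article only says "persistence key" and does not name the path.
AUTORUN_MARKER = r"\currentversion\run" + "\\"
PRE_SHUTDOWN = timedelta(seconds=60)   # assumed slack around "a few seconds"
POST_LOGON = timedelta(minutes=5)      # assumed cleanup window after logon

# Constructed sample timeline (not real telemetry): (time, kind, value path)
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
EVENTS = [
    ("2019-03-11 09:02:10", "reg_set", RUN + r"\OneDrive"),
    ("2019-03-11 17:59:57", "reg_set", RUN + r"\xk3fq"),
    ("2019-03-11 18:00:01", "shutdown", ""),
    ("2019-03-12 08:30:00", "logon", ""),
    ("2019-03-12 08:30:20", "reg_delete", RUN + r"\xk3fq"),
    ("2019-03-12 12:00:00", "reg_delete", RUN + r"\OneDrive"),
]

def find_transient_autoruns(events):
    """Return autorun values written just before a shutdown and deleted just after the next logon."""
    written, armed, hits = {}, {}, []   # armed: value -> logon time (None until a logon is seen)
    for ts, kind, path in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = path.lower()
        if kind == "reg_set" and AUTORUN_MARKER in key:
            written[key] = t
        elif kind == "shutdown":
            # Arm only values that appeared inside the window before this shutdown.
            for k, wt in written.items():
                if t - wt <= PRE_SHUTDOWN:
                    armed[k] = None
            written.clear()
        elif kind == "logon":
            armed = {k: (v or t) for k, v in armed.items()}
        elif kind == "reg_delete" and key in armed:
            logon = armed.pop(key)
            if logon is not None and t - logon <= POST_LOGON:
                hits.append(path)
        elif kind == "reg_delete":
            written.pop(key, None)
    return hits
```

Values under `RunOnce` are deliberately not tracked here, because Windows itself deletes them at logon and legitimate installers that reboot would match the same timing. On the sample timeline only the short-lived `xk3fq` value is returned.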

Those behind this Ursnif campaign also deploy a multi-stage dropping process to ensure the lowest chance of detection and the greatest rate of success.

The attack begins with what researchers describe as generic but quite effective phishing emails which ask the victim to open an attachment – in most cases it’s a fake invoice, which asks users to enable macros.

If this request is followed, it enables execution of a PowerShell command which downloads an image hosted on a file-sharing site – steganography is employed to hide a payload within the image, which, once decrypted, begins the next stage of the process.

This payload is Bebloh, a banking trojan in its own right, but this campaign uses it as a dropper for Ursnif. Researchers believe that the first banking trojan is deployed in an effort to ensure the target isn’t in fact a sandbox on a virtual machine, so as to avoid Ursnif being deployed into an environment where it can be analysed.

Following another series of tests to double check it isn’t running inside what it perceives as a hostile environment, the new Ursnif payload is run on the infected machine.

In addition to the new persistence mechanism, this version of Ursnif comes with new stealer functions allowing the attacker to make off with more than just bank details and passwords – it can also steal data from some emails and browsers, potentially providing a goldmine of sensitive information.

Microsoft Outlook, Internet Explorer and Mozilla Thunderbird appear to be particularly targeted as attackers look for additional supplies of stolen data. This version of Ursnif also comes with the ability to steal from bitcoin and other cryptocurrency wallets.

“In recent years, we see that banking trojans are engaging more and more in information stealing, and not only after financial data. This could be tied to the shift in users’ behaviour who favour mobile online banking as well as the efficiency of security products protecting end users as well as banks from online theft and fraud,” says Dahan.

This particular Ursnif campaign appears to be focused on Japan and Japanese banks to the extent that if the malware detects that the computer isn’t located within Japan, it will terminate itself to avoid detection in other countries.

Researchers haven’t been able to identify the operation behind the latest Ursnif campaign, but Dahan told ZDNet there’s evidence to suggest it’s related to the Cutwail Botnet, a cyber criminal operation which has been active since 2007 – the same year in which the code behind Ursnif first emerged.

Cybereason have provided the Indicators of Compromise and advice on avoiding infection in their analysis of Ursnif.
