Carefully designed keyloggers target the financial sector
Lastline has discovered three independent variants of keylogger malware that are currently hitting financial services.
Lastline analyzed 100 of the most recent malware samples and found a large number of iSpy keylogger samples at financial companies. iSpy is an analogue of the infamous HawkEye logger: a powerful keylogger able to send users' sensitive information to a server under the control of the keylogger operator. Lastline captured its communication with the command-and-control server and revealed the active leakage of website, email and FTP information.
Investigators also found malicious Emotet and URSNIF keyloggers distributed alongside Microsoft Office documents. These two malware families use one and the same evasion module to detect active analysis environments, as well as common methods of infiltrating financial operations, for instance detecting whether a human operator is at the controls of the network and hooking into automated payment transfers.
The attackers are very cunning: they keep improving their creations by adding new functions such as lateral movement, additional theft of sensitive information, and the ability to send spam.
Lastline director Andy Norton stressed that this is rather innovative and tricky malware. This is no surprise, because the finance industry has always attracted numerous hackers. As a result, this sector requires even better protection, because cybercriminals are ready to launch an attack, and the recent incidents prove their intent.
So, we come to the following conclusions:
1. Lastline detected a vast number of malicious files, 47 percent more than in its previous Malscape Monitor Report.
2. Most of the malware possesses all the essential malicious behaviors, including sensitive data theft, evasion of static and dynamic analysis, and the ability to remain hidden.