Over the past year, threats on financial institutions have exceeded all the previous records. This has not only affected businesses but also their customers as sensitive data are at risk.
Making headlines
In a new phishing campaign, the customers of European and South American banks are reportedly on the target of a new banking trojan.
- Brazilian hackers have released a trojan dubbed maxtrilha via customized phishing templates to infiltrate banking systems across the world.
- As of now, its instances have been traced in Latin America, extended Europe, and Portugal.
- Encrypted victims’ data is being sent to the C2 server geolocated in Russia.
About the trojan infection
The trojan is termed maxtrilha due to the use of the maxtrilha123 encryption key in a binary operation.
- maxtrilha, an x64 binary, is developed in Delphi language and can bypass AV and EDR systems.
- In its first stage, it opens a legitimate web page presented on the phishing template and establishes persistence on the infected machine.
- Further, it disables IE security settings and accepted extensions to make way for the 2nd stage payload, which also checks for persistence on the machine.
- In the 2nd stage, maxtrilha installs (or modifies) Windows trusted certificates and performs banking windows overlay to rip off credentials, all while it drops additional payloads executed via DLL injection technique.
Recent campaigns
- A few days back, banking and shopping apps and cryptocurrency wallets of users in the U.S. and Spain were under attack from the S.O.V.A. Android trojan. The trojan, currently in the development and testing phase, aims to add overlay techniques and keylogging mechanisms.
- Last week, a massive DDoS attack hobbled Australia and New Zealand Banking Group’s New Zealand site, Kiwibank, MetService, and NZ Post due to an issue at one of its third-party providers.
- Meanwhile, McAfee discovered an Android/Banker.BT malware threat that masquerades as a security banking tool or as a bank application designed to report an out-of-service ATM.
Final thoughts
Financial industry leaders, along with their security teams, need to find a workaround to mitigate threats and minimize attack surfaces by addressing flaws in systems. Besides adopting newer technologies to offer a seamless banking service, it is imperative that organizations dole out funds to upgrade and fortify their security posture as these threats will only grow in the coming times.
Source: https://cyware.com/news/a-rapid-rise-in-threats-targeting-financial-services-a199d2d4