The cybersecurity department of Palo Alto Networks, Unit 42 has published a report on Tuesday revealing that Isreali Fintech companies are being targeted by Malware.
March 21, 2019. | AtoZ Markets - The threat research department has uncovered a Malware that targets Israeli fintech companies that develop software for Forex and Crypto trading firms. According to the report, Unit 42 had in 2017 analyzed and discovered an older version of the Cardinal malware. Cardinal is a Remote Access Trojan (RAT) which enables attackers to take remote control of the victim's system. Since the 2017 report, the threat detectors have identified a series of attack by the constantly-upgraded malware. Some of the upgrades included modifications which have enabled the RAT's attacks to be undetectable and difficult to analyze. The report also included that these attacks are focused on Fintech companies that are based in Israel.
However, since the first discovery, the report added that the attackers have made modifications to the Cardinal RAT malware. One of them was a possible merging of the RAT with a similar malware called EVILNUM. Since the first discovery in 2017, the malware has been upgraded from version 1.4 to 1.7.2. The latest version uses different complicated techniques to hinder analysis. Upon its execution, the new version of this malware collects victim's data, installs or updates the new version and executes commands from the attackers. The RAT then recovers passwords, download and execute an embedded BMP file, parse out pixel data from the image, updates itself and cleans cookies from the browsers and then uninstalls itself
Cardinal RAT and EVILNUM
Who are the targets?
Since 2017, the team observed Cardinal attacks on two Israeli-based Fintech companies who write software relating to Forex and cryptocurrency trading. The report concluded that EVILNUM and Cardinal RAT are 'both used in limited distribution attacks against Fintech companies'.
Please share your thoughts with us in the comment box below.