Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Targeted malware used against Polish banks

by The Gurus
February 17, 2017
in Editor's News
malware
Share on FacebookShare on Twitter

Several Polish banks have been hacked by unknown attackers. The threat is delivered sneakily, via a watering hole attack, whereby a trusted but compromised website redirects to a landing page (the Polish Financial Supervision Authority) boobytrapped with an exploit.
In a new blog post ESET deliver technical details of this, as-yet minimally documented, malware. Their key findings show:

  • The website of the equivalent Mexican authority, Comisión Nacional Bancaria y de Valores (National Banking and Securities Commission), also served identical malicious redirects.
  • If the exploit kit successfully delivers the intended malware, the malicious payload – a 64-bit console application – is executed on the victim’s computer.
  • The encryption algorithm employed is quite a recent RC4-like stream cipher called Spritz (https://people.csail.mit.edu/rivest/pubs/RS14.pdf, 2014).
  • The loader is protected by a commercial packer called Enigma Protector and the module is stored in an encrypted state, waiting for the loader to unleash it.
  • In final stage of infection, the relatively large module (~730 kB) that contains the main features of the malware: to communicate with the C&C and receive orders from operators, injects itself into all running sessions on the compromised Windows system.
  • There is only one encrypted URL stored in the module. Communication is encrypted.

Considering the artifacts in the code, ESET have concluded that this is neither some reuse of code existing long before these recent Polish banking attacks, nor a forgotten, discontinued project. Moreover, ESET have observed occurrences of malware resembling this example in the past few weeks.
The full technical details are available in the ESET blog: http://www.welivesecurity.com/2017/02/16/demystifying-targeted-malware-used-polish-banks/

FacebookTweetLinkedIn
Tags: banking securityCyber SecurityESETMalware
ShareTweetShare
Previous Post

New Android Downloader Masquerading as Flash Player Update

Next Post

Google goes public about unpatched Windows vulnerability

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information