Fileless malware attacks users of financial institutions

According to the ethical hacking training team at the International Institute of Cyber Security (IICS), a group of researchers has discovered a new variety of fileless malware that mainly targets customers of banks in countries such as Brazil and Thailand, using a hacking tool and at least two information-stealing tools.

Ethical hacking training specialists note that the malware (Trojan.BAT.BANLOAD.THBAIAI) connects to hxxp://35[.]227[.]52[.]26/Mods/AL/MD[.]zipmn to download PowerShell code. The malware then connects to hxxp://35[.]227[.]52[.]26/Loads/20938092830482 to run that code and contacts another URL before renaming its files so that they look like legitimate Windows functions.

Finally, the malware forces the infected computer to restart and displays a fake lock screen designed to make the victim enter their logon credentials.

After downloading all of its payloads, the malware retrieves two further hacking tools. The first (TrojanSpy.Win32.BANRAP.AS) starts the victim's Outlook and sends the stored email addresses to its command and control server. The second (HKTL_RADMIN) allows the attacker to gain administrator privileges on the compromised system.

When the user logs on again, the malware drops a file that loads the third hacking tool (Trojan.JS.BANKer.THBAIAI), which monitors the sites the victim visits, looking for banking information. When it finds something of interest, it collects the information and sends it to its C&C.
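The infection chain described above starts with outbound requests to the two defanged URLs the article reports. The following script is an added example, not code from the article or from the researchers it cites: it refangs those indicators, parses a constructed proxy log (the log format, client addresses, timestamps and the benign and third-party URLs are all assumptions for the example), and raises an alert for any request to the reported URLs or host. As a generalization beyond the article's specific indicators, it also flags powershell.exe itself fetching an archive or script from any host, which is the behavioural shape of the first stage whether or not the infrastructure changes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Defanged indicators exactly as published in the article.
# "hxxp" and "[.]" are the publication's defanging, not real URL syntax.
REPORTED_IOCS = [
    "hxxp://35[.]227[.]52[.]26/Mods/AL/MD[.]zipmn",
    "hxxp://35[.]227[.]52[.]26/Loads/20938092830482",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a string that matches live log data."""
    return ioc.replace("hxxp", "http").replace("[.]", ".")


def host_of(url: str) -> str:
    """Return the host part of an http(s) URL, or '' if it is not one."""
    m = re.match(r"https?://([^/]+)", url)
    return m.group(1) if m else ""


IOC_URLS = {refang(i) for i in REPORTED_IOCS}
IOC_HOSTS = {host_of(u) for u in IOC_URLS}

# Hypothetical proxy log format (an assumption for this example):
# <timestamp> <client_ip> <process_name> <method> <url>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<process>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$"
)

# File types that, when fetched directly by PowerShell, match the article's
# first stage (remote PowerShell code pulled down and executed in memory).
PAYLOAD_SUFFIXES = (".ps1", ".zip", ".zipmn")


@dataclass
class Alert:
    ts: str
    client: str
    reason: str
    url: str


def classify(line: str) -> Optional[Alert]:
    """Return an Alert for a suspicious log line, or None for benign/unparseable input."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = m["url"]
    if url in IOC_URLS:
        return Alert(m["ts"], m["client"], "known BANLOAD URL", url)
    if host_of(url) in IOC_HOSTS:
        return Alert(m["ts"], m["client"], "known BANLOAD host", url)
    if m["process"].lower() == "powershell.exe" and url.lower().endswith(PAYLOAD_SUFFIXES):
        return Alert(m["ts"], m["client"], "PowerShell downloading remote payload", url)
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Run classify() over every log line and keep only the alerts."""
    return [a for a in map(classify, lines) if a is not None]


# Constructed sample log: two hits on the reported URLs, one generic PowerShell
# download, one benign browser request, and one request to the reported host.
SAMPLE_LOG = """\
2019-03-04T10:15:02Z 10.0.0.12 powershell.exe GET http://35.227.52.26/Mods/AL/MD.zipmn
2019-03-04T10:15:09Z 10.0.0.12 powershell.exe GET http://35.227.52.26/Loads/20938092830482
2019-03-04T10:16:00Z 10.0.0.12 powershell.exe GET http://updates.example.net/tools/helper.zip
2019-03-04T10:17:41Z 10.0.0.33 chrome.exe GET https://www.example.com/index.html
2019-03-04T10:18:00Z 10.0.0.33 powershell.exe GET http://35.227.52.26/other/path
""".splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.ts} {alert.client}: {alert.reason} -> {alert.url}")
```

Matching on the exact URL is the most precise rule but the most brittle, so the host rule catches variations in path, and the PowerShell-download rule catches the same first stage against entirely different infrastructure at the cost of some false positives in environments where administrators legitimately script downloads.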

This campaign is one more example of the pronounced growth in fileless malware attacks in recent times; according to cybersecurity specialists, about 35% of the cyberattacks recorded in 2018 used some variety of fileless malware.

According to ethical hacking training specialists, a professional cybersecurity service can defend an organization against most threats of this kind by keeping software up to date. To complement this work, each organization's IT team must have an appropriate defense plan that combines machine learning with tools such as sandbox environments to ensure the best protection against fileless malware attacks.
