[MART] - Daily Diary #347 - Malware Types - Banking

CTAS-MAT ctas-mat at appgate.com
Tue Sep 14 21:53:56 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

09/14/2021 - Diary entry #347

Today we will continue our thread on malware types, started in our Daily Diary #328. In our Daily Diary #345, we briefly mentioned Banking Malware. Today we will cover it in more detail. Malware is considered a "Banker" if its goal is to directly steal money from a target. With the popularization of Internet Banking and e-commerce websites, this kind of malware became very popular.

The most common way of doing that is to steal Internet Banking credentials, or the credentials for websites where one stores credit card information. Malware like Zeus, first discovered in 2007, accomplished that by injecting JavaScript code into the targeted websites and recording keystrokes.

This kind of malware evolved along with cybersecurity. As soon as institutions adopted Multi-Factor Authentication in their login flow, criminals started to adapt Remote Access Trojans for their purposes. The most popular malware in that area is Allakore, which has its base code published on GitHub. Allakore's variations stay hidden in the system, waiting for their targets to access their Internet Banking accounts, and once they are logged in, the malware pings the C&C server. From the C&C server, the attacker can lock the user's screen and simulate mouse movements and keystrokes to send money to an attacker-controlled account. More recently, with the popularization of smartphones, we have also observed this approach being used to attack mobile devices, as with the Brazilian malware family Brata.

Kind Regards,



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
