Mar 19, 2019 18:53 UTC

| Updated:

Mar 28, 2019 at 02:38 UTC

Unit 42 Identifies Malware Focusing On Israeli Fintech Firms

By Prashant Jha

As per a blog post published by Unit 42, the threat research wing of cyber security firm Palo Alto Networks, a specific malware is seeking out and attacking fintech companies in Israel that commonly work with cryptocurrency trading and forex. The said blog post was published today, March 19, 2019.

According to what the blog post states, Unit 42 first came across an old version of this particular malware back in 2017. It is called Cardinal RAT and has been caught attacking two fintech companies from Israel that develop software solutions meant for crypto trading and forex. Identified since April of 2017, Cardinal RAT is a malware of the RAT (Remote Access Trojan) category which is designed in such as way so as to enable to attacker to hack into a given system from far away.

The blog post elaborates:

“We witnessed attacks targeting the financial technology (FinTech) sector, primarily focused on organizations based in Israel. While researching these attacks, we discovered a possible relationship between Cardinal RAT and another malware family named EVILNUM. EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.”

The fresh updates that have been made to this particular malware ensure that it cannot be detected easily. Moreover, it also makes use of certain obfuscation mechanisms to prevent it from being analysed. However, even though detectability seems to have been reduced considerably, the payload itself remained more or less the same as what it had been in case of the original version of the malware. It works along the same lines and yields fairly similar methods.

This malware reportedly makes use of a BMP trick, collects information from the victim computer, executes a settings update, serves as a reverse proxy, goes through a command execution and then uninstalls itself. It seems that this malware is employed particularly in connection to fintech firms, especially those based in Israel.

Unit 42 has zeroed in on the use of this malware in attacking fintech firms based on the following indicators:

“Our telemetry shows these families are only used against companies in this sector. The lure documents used consistently related to lists of names/numbers of individuals involved in trading forex/crypto currency, a niche theme to use if targeting individuals outside of this sector. “

Prashant Jha

As a content writer Prashant believes in presenting complex topics in simple laymen terms. He is a tech enthusiast and an avid reader.

Related Posts

Yuga Labs launches BAYC council, Animoca backs Cool Cats and more

READ MORE 2 years ago

BlackRock’s newest ETF invests in 35 blockchain-related firms

READ MORE 2 years ago

New Cosmos whitepaper repurposes ATOM token and refines vision

READ MORE 2 years ago

The market is not surging anytime shortly — therefore get used to dark times

READ MORE 2 years ago

Australian legislator drafts bill geared toward stablecoin, digital yuan regulation

READ MORE 2 years ago

Brave takes aim at Google with privacy-protecting program beta

READ MORE 3 years ago

Altcoin Roundup: Market cycle analysis screamed ‘take profit’ earlier than May 19 sell-off

READ MORE 3 years ago