At the end of August, ESET telemetry has detected traces of activity of the infamous APT group, a.k.a Carbanak. ESET researchers investigating this gang’s activities offer an in-depth analysis of their findings in the blogpost titled “Carbanak Gang is Back and Packing New Guns,” which is now available on WeLiveSecurity.com.
With victims mostly in the United States, Germany, United Arab Emirates, United Kingdom, the Carbanak group keeps attacking specific targets related to the finance industry, including banks, Forex-trading companies, and even an American casino hotel.
“For infecting, the gang doesn’t use just one malware family to carry out its operations, but it employs several of them. The code in these different families contains similar traits, including the same digital certificate,” says Anton Cherepanov, Malware Researcher at ESET. “In fact, Win32/Spy.Agent.ORM, a new first-stage component used by the attackers, also known as Win32/Toshliph, as well as Win32/Wemosis, a backdoor capable of scraping memory of Point-of-Sale systems for credit card data, both share some similarities in their code with “the standard” Carbanak malware, detected by ESET as Win32/Spy.Sekur.”
Furthermore, the attackers are updating their arsenal with the latest exploits, such as the Microsoft Office remote code execution vulnerability (CVE-2015-1770) or the zero-day exploit leaked in the Hacking Team dumps (CVE-2015-2426).
ESET research team continues to monitor the Carbanak threats. For any enquiries or sample-submissions related to the subject, please contact us at: threatintel@eset.com.
About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.