Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

January 3, 2023

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT.

The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the stolen data to craft convincing decoy messages that lure victims into opening suspicious Excel attachments.

The discovery comes from cybersecurity firm Qualys, which identified evidence of a database dump comprising 418,777 records that is said to have been obtained by exploiting SQL injection flaws.


The leaked details include Cédula numbers (a national identity document issued to Colombian citizens), email addresses, phone numbers, customer names, payment records, salary details, and addresses, among others.

There are no indications that the data has previously been shared on any forums on the darknet or clear web, suggesting that the threat actors themselves obtained access to the customer data in order to mount the phishing attacks.

The Excel file, which contains the exfiltrated bank data, also embeds a macro that is used to fetch a second-stage DLL payload, which in turn is configured to retrieve and execute BitRAT on the compromised host.

BitRAT Malware

“It makes use of the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory,” Qualys researcher Akshat Pradhan said.

Created in mid-November 2022, the GitHub repository is used to host obfuscated BitRAT loader samples that are ultimately decoded and launched to complete the infection chain.
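As an added detection example (not code from the article or from Qualys), the following Python correlates two behaviours of the chain described above over constructed endpoint telemetry: an Office process reaching a GitHub host, and the same process writing a DLL or EXE into the user's %temp% directory. The event schema, hostnames and sample events are assumptions made for illustration.

```python
# Added example: correlate endpoint telemetry for the Excel -> WinHTTP -> GitHub -> %temp% DLL chain.
# The event schema and the sample events below are constructed for illustration, not real telemetry.
from dataclasses import dataclass

@dataclass
class Event:
    host: str      # endpoint name
    process: str   # image name of the acting process
    kind: str      # "net" (outbound connection) or "file" (file written)
    target: str    # destination hostname for "net", file path for "file"

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# GitHub hostnames a macro would contact when fetching a raw file or release artefact
CODE_HOSTING = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
DROPPED_EXTENSIONS = (".dll", ".exe")

def is_temp_path(path: str) -> bool:
    """True when the path sits under %temp% (per-user AppData\\Local\\Temp) or C:\\Windows\\Temp."""
    p = path.replace("\\", "/").lower()
    return "/appdata/local/temp/" in p or p.startswith("c:/windows/temp/")

def find_suspicious_hosts(events: list) -> list:
    """Return hosts where one Office process both contacted GitHub and dropped a DLL/EXE in %temp%."""
    seen = {}  # (host, image) -> set of indicator names observed for that process
    for e in events:
        image = e.process.lower()
        if image not in OFFICE_IMAGES:
            continue  # downloads by browsers or package managers are expected and ignored here
        flags = seen.setdefault((e.host, image), set())
        if e.kind == "net" and e.target.lower() in CODE_HOSTING:
            flags.add("office_to_github")
        elif e.kind == "file" and is_temp_path(e.target) and e.target.lower().endswith(DROPPED_EXTENSIONS):
            flags.add("temp_binary_drop")
    required = {"office_to_github", "temp_binary_drop"}
    return sorted({host for (host, _), flags in seen.items() if required <= flags})

# Constructed sample telemetry: WS-01 shows the full chain, the others only benign or partial activity.
SAMPLE_EVENTS = [
    Event("WS-01", "EXCEL.EXE", "net", "raw.githubusercontent.com"),
    Event("WS-01", "EXCEL.EXE", "file", r"C:\Users\alice\AppData\Local\Temp\loader.dll"),
    Event("WS-02", "chrome.exe", "net", "github.com"),
    Event("WS-02", "EXCEL.EXE", "file", r"C:\Users\bob\Documents\budget.xlsx"),
    Event("WS-03", "EXCEL.EXE", "net", "github.com"),
]

if __name__ == "__main__":
    print(find_suspicious_hosts(SAMPLE_EVENTS))  # ['WS-01']
```

Requiring both indicators on the same process keeps a lone GitHub connection from Excel (WS-03) from paging anyone, while still catching the download-then-drop sequence the campaign relies on.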

BitRAT, an off-the-shelf malware sold on underground forums for as little as $20, comes with a wide range of functionalities to steal data, harvest credentials, mine cryptocurrency, and download additional binaries.

“Commercial off the shelf RATs have been evolving their methodology to distribute and infect their victims,” Pradhan said. “They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it.”



Some parts of this report are sourced from:
thehackernews.com
