Cyber Criminals Using Odinaff Trojan To Infiltrate Bank Systems

Cyber criminals are using targeting banks using a trojan dubbed Odinaff, which stealthily defrauds financial institutions by gaining control over their systems and networks.

The trojan was discovered by cyber security firm Symantec, which says it has been in undocumented use since January, likely using its discreet capabilities to remain below the radar of security professionals.

Armed with custom-built malware tools, the trojan has been designed to establish a foothold on a targeted network. Once it has done that, Odinaff can then deploy malware tools to explore the networks, steal credentials and monitor activity. The tools can also wipe infected computers to hide traces of their activity.

Odinaff can also carry another trojan called Batel as part of its payload; Batel creates a backdoor to the command and control server used by the hackers. As Batel deploys malware for in memory use, it can luck in a machine without being easily noticed.

Professional cyber crime

This stealthy operation was needed as Symantec pointed out that the Odinaff requires a high level of user interaction and control, so it is likely to have been designed by cyber criminals who which to carefully control what the trojan downloads to infiltrate a targeted network so that it does not draw attention to its presence.

The level of effort that involves suggests such attacks come from cyber criminals that have a lot to gain financially of they breach the network of a large bank.

“These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” the researchers wrote.

“There appears to be a heavy investment in the coordination, development, deployment, and operation of these tools during the attacks,” the researchers wrote. Although difficult to perform, these kinds of attacks on banks can be highly lucrative.”

Odinaff is set to share digital characteristics with the Carbanak trojan that also targeted targeted large financial institutions, and was used by cyber criminals.

While attacks appear to have happened worldwide, the main areas affected according to Symantec, are the USA and Japan.

Cyber criminals are using increasingly sophisticated malware to get into banks and swipe lucrative data, using all manner of vectors including cloud services such as Google Drive.

Are you a security expert? Try our quiz

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

3 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago