Cyber criminals are using targeting banks using a trojan dubbed Odinaff, which stealthily defrauds financial institutions by gaining control over their systems and networks.
The trojan was discovered by cyber security firm Symantec, which says it has been in undocumented use since January, likely using its discreet capabilities to remain below the radar of security professionals.
Armed with custom-built malware tools, the trojan has been designed to establish a foothold on a targeted network. Once it has done that, Odinaff can then deploy malware tools to explore the networks, steal credentials and monitor activity. The tools can also wipe infected computers to hide traces of their activity.
Odinaff can also carry another trojan called Batel as part of its payload; Batel creates a backdoor to the command and control server used by the hackers. As Batel deploys malware for in memory use, it can luck in a machine without being easily noticed.
The level of effort that involves suggests such attacks come from cyber criminals that have a lot to gain financially of they breach the network of a large bank.
“These attacks require a large amount of hands on involvement, with methodical deployment of a range of lightweight back doors and purpose built tools onto computers of specific interest,” the researchers wrote.
“There appears to be a heavy investment in the coordination, development, deployment, and operation of these tools during the attacks,” the researchers wrote. Although difficult to perform, these kinds of attacks on banks can be highly lucrative.”
Odinaff is set to share digital characteristics with the Carbanak trojan that also targeted targeted large financial institutions, and was used by cyber criminals.
While attacks appear to have happened worldwide, the main areas affected according to Symantec, are the USA and Japan.
Cyber criminals are using increasingly sophisticated malware to get into banks and swipe lucrative data, using all manner of vectors including cloud services such as Google Drive.
Are you a security expert? Try our quiz
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…