A technology company detected an infection with an information-stealing Trojan
Network security and ethical hacking experts from the International Institute of Cyber Security confirmed the emergence of a new Trojan infecting multiple retail networks. In this new campaign, hackers have already managed to steal large amounts of confidential data to put on sale in dark web forums.
Panda Trading Systems, a company specializing in technology for small businesses, claims to have detected the Trojan a few weeks ago.
“This is a perfectly structured campaign against brokers, affiliate networks and other companies considered retail businesses”, commented the Director of Commercial Development at Panda Trading Systems. “After detecting the virus we launched a security warning, hoping that it would help our industry colleagues to prevent possible infections”.
According to network security experts, Panda TS IT teams first noticed the malware during routine analysis of their customers’ call centers, and an internal investigation by Panda TS security teams then confirmed it. The company claims it has also identified the perpetrators of the attack, but cannot reveal more details because a police investigation is underway.
When questioned, various actors in the retail industry confirmed that the malware had also been detected in their networks, and commented that in some cases the hackers succeeded. “I can confirm that our systems were infected with a virus, although we ruled out that hackers have managed to steal our information,” says the CEO of a broker agency.
According to experts in network security, the virus reached these businesses’ networks through hackers who pretended to be traders. The hackers sent brokers fake documents disguised as invoices or customer lists.
Once a victim had downloaded one of those files (usually a Word document), the hackers asked them to enable content editing; doing so triggered a PowerShell download on the victim’s machine.
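The infection step described above, a Word document whose enabled content launches PowerShell to fetch the next stage, is visible on an endpoint as an Office process with a script-host child. The following detection script is an added example, not code from the article or from Panda Trading Systems: it scans constructed, simplified process-creation records (the four pipe-separated fields are an assumed layout loosely modelled on Sysmon Event ID 1, not a real log format) and flags Office-to-PowerShell chains, noting command-line traits typical of a staged download.

```python
"""Flag Office applications spawning script hosts in process-creation logs.

Added example (not from the original article). Input records are constructed
for this demonstration: "UTC time | parent image | image | command line".
"""
from dataclasses import dataclass, field
import re

# Office binaries that a phishing document runs inside.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts a malicious macro typically launches.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits commonly seen when a macro stages a download.
SUSPICIOUS_ARGS = [
    re.compile(r"-enc(odedcommand)?\b", re.I),           # encoded PowerShell
    re.compile(r"-w(indowstyle)?\s+hidden", re.I),       # hidden window
    re.compile(r"downloadstring|downloadfile|invoke-webrequest|iwr\b|bitsadmin", re.I),
    re.compile(r"https?://", re.I),                      # remote URL in arguments
]


@dataclass
class Finding:
    time: str
    parent: str
    child: str
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_record(line: str):
    """Split one constructed record into its fields; None if malformed."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 4:
        return None
    return {"time": parts[0], "parent": parts[1], "image": parts[2], "cmdline": parts[3]}


def inspect(record):
    """Return a Finding when an Office parent spawns a script host, else None."""
    parent = basename(record["parent"])
    child = basename(record["image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    reasons = [f"{parent} spawned {child}"]
    for pat in SUSPICIOUS_ARGS:
        if pat.search(record["cmdline"]):
            reasons.append(f"command line matches /{pat.pattern}/")
    return Finding(record["time"], parent, child, reasons)


def scan(lines):
    """Run inspect() over every well-formed record and collect the findings."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            hit = inspect(rec)
            if hit is not None:
                findings.append(hit)
    return findings


# Constructed sample log: one benign document open, one macro-launched
# PowerShell, one administrator PowerShell, one Excel-launched wscript,
# and one malformed line. PLACEHOLDER_BASE64 stands in for an encoded command.
SAMPLE_LOG = [
    "2024-01-01T09:00:01Z | C:\\Windows\\explorer.exe | C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE | \"WINWORD.EXE\" /n invoice.docm",
    "2024-01-01T09:00:14Z | C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE | C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | powershell.exe -w hidden -enc PLACEHOLDER_BASE64",
    "2024-01-01T09:05:30Z | C:\\Windows\\System32\\cmd.exe | C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | powershell.exe -NoProfile -Command Get-ChildItem C:\\Logs",
    "2024-01-01T09:07:02Z | C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE | C:\\Windows\\System32\\wscript.exe | wscript.exe //B C:\\Users\\Public\\stage.js",
    "malformed line with no delimiters",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.time, f.parent, "->", f.child)
        for r in f.reasons:
            print("   ", r)
```

The parent/child pairing alone is the high-confidence signal: legitimate Office use almost never launches PowerShell or wscript, so the first record and the administrator's PowerShell session are ignored while both macro-driven launches are reported. The command-line patterns only enrich a finding and are not required to raise it, which keeps the rule robust against attackers varying their arguments.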
Panda TS teams have identified various malware variants, including Emotet, which is used to steal passwords, emails and payment card details. Some of the malware found could also remotely access a victim’s computer and operate it silently.
“These variants of malware are very similar to those used in the attacks on Ukraine’s infrastructure,” said a specialist at a cybersecurity firm. “Similar malware variants have been identified in multiple attacks on banks; if I were to operate any of the potentially vulnerable businesses, I would try to strengthen my security as soon as possible.”
Panda TS teams say that, although so far only small traders have been infected, it cannot be ruled out that larger companies in various sectors will be attacked as well.
Finally, Panda TS was able to confirm that the information extracted from these companies is already on sale in various dark web forums.