Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
According to a cybersecurity company, Israeli fintech companies are being targeted by malware.
Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19.
Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.
The updates applied to the malware aim to evade detection and hinder its analysis. After explaining the obfuscation techniques employed by the malware, the researchers explain that the payload itself does not vary significantly compared to the original in terms of modus operandi or capabilities.
The software collects victim data, updates its settings, acts as a reverse proxy, executes commands, and uninstalls itself. It then recovers passwords, downloads and executes files, logs keypresses, captures screenshots, updates itself and cleans cookies from browsers. Unit 42 notes that it witnessed attacks employing this malware targeting fintech firms that engaged in forex and crypto trading, primarily based in Israel.
The report further claims that the threat research team discovered a possible correlation between Cardinal RAT and a JavaScript-based malware dubbed EVILNUM, which is used in attacks against similar organizations. When looking at files submitted by the same customer in a similar timeframe to the Cardinal RAT samples, Unit 42 reportedly also identified EVILNUM instances.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.