• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Hacking group returns, switches from ransomware to trojan malware

Brink

Staff member
mvp
Oklahoma, USA

Posts
32,388
#1
A prolific hacking group has returned with a new campaign which looks to deliver a new remote access trojan (RAT) to victims in order to create a backdoor into PCs to steal credentials and banking information.

The campaign is suspected to be the work of TA505, a well-resourced hacking group which has been active since at least 2014. The group has launched some of the largest cyber attack campaigns of recent years, with victims targeted with the Dridex banking trojan, Locky ransomware, Jaff ransomware and more.

Many of these campaigns have been launched with the aid of the Necurs botnet, one of the largest spam generators used by cyber criminals.

Now TA505 is running a new campaign, which has been detailed by researchers at security company Proofpoint. In line with a change of focus by other cyber criminal groups, TA505 has shifted away from ransomware and banking trojans and now appears to focus on RATs -- including one which has only recently appeared and had only been used twice before. In both previous cases, the attackers remain unidentified.

Dubbed tRat by researchers, the malware is predominantly targeting financial institutions and is being distributed with the aim of grabbing credentials, financial data, and other information that would be useful to cyber criminal operations. Researchers also warn that it could have other capabilities that haven't been put into operation yet.

The malware campaign was first detected in late September, with phishing emails offering its targets secure files that need to be opened. If the user opens the attachment, the Word document claims to be protected by security firm Symantec and asks the user to enable macros to see the supposed secure files...

Read more: Hacking group returns, switches attacks from ransomware to trojan malware | ZDNet
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    250GB Samsung 960 EVO M.2,
    256GB OCZ Vector,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Mouse
    Logitech MX Master
    Keyboard
    Logitech wireless K800
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD