Saturday, March 2, 2024

New Banking Malware Steal Money From Victim’s Bank Accounts Using Weaponized Adobe Reader

Newly discovered banking malware steal money from targeted victims bank accounts that distributed via malicious Adobe Reader.

A researcher discovered more than 300 unique samples which are used by 200 servers to compromise and steal money from victims bank account especially from  Brazilian credit institutions clients.

This Malware’s unique capability and evasion technique trying to find out whether the injected system has run under a virtual environment, if yes then it automatically terminates itself.

Also, it keeps monitoring the victims Windows local language settings and finds out the Portuguese language in order to avoid infection.

Dr.Web researchers named this malware as  Trojan.PWS.Banker1.28321 and it launch with the name of adobe reader.

Banking Malware Infection Process

The initial infection started by dropping malicious adobe reader applications into victims machine which later drops the VBscript scripts since the malware is written in .NET.

Once the infected users execute the malware then the load script is dropped by standard MSScriptControl.ScriptControl COM object.

Later it connects to attackers command & control server and downloads two ZIP-archives from it.

According to Dr. Web Research, One file contains the obfuscated dynamic library created using Delphi development environment. This library contains the malicious program’s main functions.

After the complete infection, Once the victims open the Internet banking sites of various Brazilian financial institutions such as Santander, Diagnostico BB, Sicredi, etc then it will replace the original web page with malicious fake authentication form.

Finally malware requests to enter an authorization verification code that received from banks then it will send to the attackers.

This scheme of replacing the content of original, user-viewed web pages with the “bank-client” systems is used by many banking Trojans. Often they threaten credit institutions’ clients not only in Brazil but around the world, Dr. Web Said.

Also Read:

Beware!! New Android Malware That Can Read Your WhatsApp Messages & Take Screen Shots

APT Group Uses Dangerous LoJax Malware That Can Survive After OS Re-installation and Hard Disk Replacement

Website

Latest articles

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles