Skip to main content

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware.

By Editor


A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT.


The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments.


The discovery comes from cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that's said to have been obtained by exploiting SQL injection faults.


The leaked details include Cédula numbers (a national identity document issued to Colombian citizens), email addresses, phone numbers, customer names, payment records, salary details, and addresses, among others.


There are no signs that the information has been previously shared on any forums in the darknet or clear web, suggesting that the threat actors themselves got access to customer data to mount the phishing attacks.


The Excel file, which contains the exfiltrated bank data, also embeds within it a macro that's used to download a second-stage DLL payload, which is configured to retrieve and execute BitRAT on the compromised host.



BitRAT Malware

"It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory," Qualys researcher Akshat Pradhan said.


Created in mid-November 2022, the GitHub repository is used to host obfuscated BitRAT loader samples that are ultimately decoded and launched to complete the infection chains.


BitRAT, an off-the-shelf malware available on sale on underground forums for a mere $20, comes with a wide range of functionalities to steal data, harvest credentials, mine cryptocurrency, and download additional binaries.


"Commercial off the shelf RATs have been evolving their methodology to spread and infect their victims," Pradhan said. "They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it."


Source; THN.

Comments

Post a Comment

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

By Editor
The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...
Post a Comment
Read more

Here is Why Our Utterances For Praying Jesus And God To Come Liberate Ugandans, May Be Misplaced. This Phrase is like inform of a Letter To Some Categorized Section Of Ugandans.

By Editor
https://m.facebook.com/yusufosuta/photos/a.1896701010557789/2070383359856219/?type=3 OPEN LETTER TO NRM SUPPORTERS - NATIONAL ROBBERS MOVEMENT. .................................................................................. Last week of March, a friend told me to pray for Uganda.  I told him that he was an Idiot and we have prayed for too long and we are still hungry and sick and Jesus is not coming soon to liberate us. He then ignored the STUPID and sent me a picture we all now know.  It got me totally messed up.  This guy was telling me to pray then sends a picture of men bowing down in blood.  He might have meant guns but I blocked him because his utterances of praying for Uganda were misplaced. I unblocked him 3 weeks later and asked him about praying and assassinations.  His reply "eithrr prayers or guns or both". I hate violence with a passion.  So he is now blocked in like FOREVER. Do you feel safe?  Do not feel safe. Uganda regim...
Post a Comment
Read more

CAN I CHANGE MY MIND ABOUT THE INHERITANCE I RECEIVED AND ASK FOR SOMETHING ELSE ?.

By Editor
#iip_updates . #Information_is_Power . Read more here https://informationispowah.blogspot.com/2023/07/can-i-change-my-mind-about-inheritance.html in the link. #we_inform_the_uninformed . Okello lost his wife 20 years ago and decided to only focus on their Mateo, Yona and Yosefu. 20 years later, Okello had 7 acres of land, a successful poultry business, and sinotrucks for hire. Early this year, Okello got a call telling him that one of his trucks knocked a boda boda. Okello decided to rush to see if he could sort it out before police became involved. Unfortunately, he never made it, as he was entering the main road, another trailer rammed into him and killed him instantly.   After Okello had been laid to rest, his sons sat down and divided the property amongst themselves. However, of late, Yosefu the last born has started complaining that he was cheated, and he wants to be given something else because most of the chicken in the chicken business died of a fever.   Can ...
Post a Comment
Read more