UPDATED 20:01 EST / JANUARY 27 2019

SECURITY

Redaman banking malware returns with new attack targeting Russian speakers

A new campaign using the Redaman malware has been detected, in what could be the return of a banking malware family first seen in 2015 and 2016.

Redaman is a form of banking malware that installs a Windows application-defined “hook” procedure (the mechanism registered through SetWindowsHookEx) to monitor activity in Chrome, Firefox and Internet Explorer and steal login details for online bank accounts.

The new campaign, detailed by security researchers at Palo Alto Networks Inc. last week, was first detected in September 2018. Although it primarily targets users in Russia, it has also been detected in several former Soviet countries, the Netherlands, the U.S., Japan and Sweden.

Redaman is being distributed through what the researchers describe as a “malspam” campaign: bulk spam and phishing emails rather than targeted attacks. The emails make vague claims about funds owed, and each carries an archive attachment with an executable inside. Email subject lines include “Debt due Wednesday,” “Documents Verification for October 2018” and “The package of documents for payment 1st October,” among others.

“These messages are often vague and they contain few details on the alleged financial issue,” the researchers explained. “Their only goal is to trick the recipient into opening the attached archive and double-clicking the executable contained within.”
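The delivery pattern described above (a vague financial subject line and an archive attachment that carries an executable) is easy to check for at a mail gateway. The following is an added example written for this page, not code from Palo Alto Networks or from the article; the sample messages, the subject keyword list and the sender/recipient addresses are constructed for the demonstration, and the subject terms echo the lure subjects quoted above.

```python
"""Gateway-style check for the Redaman malspam pattern: flag messages whose
archive attachment contains an executable, and mark vague financial subject
lines for review. Illustrative code; sample data is constructed inline."""
from __future__ import annotations

import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# File types that have no business inside a "documents" archive sent by e-mail.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll")
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed", "application/octet-stream"}

# Constructed keyword list echoing the subject lines quoted in the article.
SUSPICIOUS_SUBJECT_TERMS = ("debt", "payment", "documents", "verification", "invoice")


def archive_executables(data: bytes) -> list[str]:
    """Return member names inside a ZIP that look like executables.
    Non-ZIP or corrupt data yields an empty list rather than an exception,
    so one malformed attachment cannot crash the scanner."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_SUFFIXES)]
    except zipfile.BadZipFile:
        return []


def classify_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return findings plus a verdict:
    'block' if an archive attachment hides an executable, 'review' if only
    the subject line looks like a financial lure, otherwise 'clean'."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = (msg["subject"] or "").lower()
    findings = {
        "subject_hits": [t for t in SUSPICIOUS_SUBJECT_TERMS if t in subject],
        "executables_in_archives": [],
        "verdict": "clean",
    }
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        # Trust neither the filename nor the declared type alone: also sniff
        # the ZIP local-file-header magic ("PK") in case both were disguised.
        if fname.endswith(".zip") or ctype in ARCHIVE_TYPES or payload[:2] == b"PK":
            findings["executables_in_archives"].extend(archive_executables(payload))
    if findings["executables_in_archives"]:
        findings["verdict"] = "block"
    elif findings["subject_hits"]:
        findings["verdict"] = "review"
    return findings


def build_sample_message(subject: str, archive_members: dict[str, bytes]) -> bytes:
    """Constructed test message: a one-line body plus a ZIP attachment whose
    members are given as {name: content}. Addresses are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in archive_members.items():
            zf.writestr(name, content)
    msg = EmailMessage()
    msg["From"] = "accounting@example.net"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see the attached documents regarding the outstanding balance.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="documents.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_message("Debt due Wednesday",
                                {"Documents_Verification.exe": b"MZ\x90\x00"})
    benign = build_sample_message("Holiday photos", {"photo1.jpg": b"\xff\xd8\xff"})
    print(classify_message(lure))    # verdict: block
    print(classify_message(benign))  # verdict: clean
```

The executable check is deliberately independent of the subject check: the lure subjects are easy for an operator to reword, whereas an executable inside an e-mailed archive is the part of the pattern that the attack cannot do without.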

In addition to recording keystrokes to capture online banking credentials, Redaman can download additional malicious modules that add the ability to steal files, capture screenshots, record video and alter the DNS configuration, among other capabilities.

Although the lures used so far have been written in Russian, there is concern that the campaign could easily expand into other languages in the months ahead.

Ryan Wilk, vice president of customer success at NuData Security Inc., told SiliconANGLE that banks are under continuous attacks as cybercriminals leverage one technique and dynamically change it to keep up the barrage of attacks until they succeed and steal key information.

“This onslaught of online fraud is one of the biggest challenges for the financial community, but can be significantly mitigated with new technologies such as passive biometrics and behavioral analytics,” Wilk explained. “New multilayered technologies can help them prevent fraud even if cybercriminals get real credentials and identities.”

Image: Palo Alto Networks
