Stock market and brokers are attacked with new malware

A technology company detected an infection with an information-stealing Trojan

Network security and ethical hacking experts
from the International Institute of Cyber Security confirmed the emergence of a
new Trojan infecting multiple retail networks. In this new campaign, hackers
have already managed to steal large amounts of confidential data to put on sale
in dark web forums.

Panda Trading Systems, a company specializing in the development of
small business technology, claims to have detected the
Trojan a few weeks ago.

“This is a perfectly structured campaign
against brokers, affiliate networks and other companies considered retail
businesses”, commented the Director of Commercial Development at Panda Trading
Systems. “After detecting the virus we launched a security warning, hoping that
it would help our industry colleagues to prevent possible infections”.

According to network security experts, Panda TS IT teams detected the malware
during routine analysis of their customers’ call centers. After an internal
investigation, Panda TS security teams found the malware; the company claims
that it also identified the perpetrators of the attack, but can’t reveal more
details because a police investigation is underway.

When various actors in the retail industries were questioned,
some confirmed that malware had also been detected in their
networks, and commented that in some cases hackers achieved their task. “I can
confirm that our systems were infected with a virus, although we ruled out that
hackers have managed to steal our information,” says the CEO of a broker
agency.

According to experts in network security, the
virus reached these companies’ networks through hackers who
pretended to be traders. The hackers sent brokers false documents posing as
bills or customer lists.

Once victims had downloaded some of those files (Word
documents, usually), the hackers asked them to enable content editing, an action
that started a PowerShell download on the victim’s machine.
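
The chain described above, a Word document that launches PowerShell once content is enabled, leaves a recognizable trace in process-creation logs. The following Python detection is an added example, not code from the original report or from Panda TS; it assumes records that use Sysmon Event ID 1 field names, extends the parent check beyond Word to other Office applications, and runs on constructed sample events.

```python
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line traits that raise the severity of an alert (case-insensitive).
INDICATORS = {
    "hidden window": re.compile(r"-w(in(dowstyle)?)?\s+hidden", re.I),
    "encoded command": re.compile(r"\s-e(nc(odedcommand)?)?\s", re.I),
    "web download": re.compile(r"downloadstring|downloadfile|invoke-webrequest", re.I),
}

# Constructed process-creation records (hosts, paths and commands are made up).
SAMPLE_EVENTS = [
    {"Computer": "ws-014",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc CONSTRUCTED_PLACEHOLDER"},
    {"Computer": "ws-014", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"Computer": "ws-022",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"Computer": "ws-031",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Tools\report.ps1"},
]

def office_spawned_powershell(events):
    """Return one alert per event where an Office app starts PowerShell."""
    alerts = []
    for ev in events:
        # ntpath parses Windows paths correctly on any analysis host.
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        child = ntpath.basename(ev.get("Image", "")).lower()
        if parent not in OFFICE_PARENTS or child not in POWERSHELL:
            continue
        cmd = ev.get("CommandLine", "")
        hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        # Office starting PowerShell is unusual on its own; traits escalate it.
        alerts.append({"host": ev.get("Computer"), "parent": parent,
                       "severity": "high" if hits else "medium", "indicators": hits})
    return alerts

if __name__ == "__main__":
    for alert in office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```
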

Panda TS teams have identified various malware
variants, including the Emotet virus, used for activities such as the theft of
passwords, emails and payment card details. Some types of malware were also found
that remotely access a victim’s computer and operate it in silent mode.

“These variants of malware are very similar to
those used in the attacks on Ukraine’s infrastructure,” said a specialist at a
cybersecurity firm. “Similar malware variants have been identified in multiple
attacks on banks; if I were to operate any of the potentially vulnerable
businesses, I would try to strengthen my security as soon as possible.”

Panda TS teams say that, although so far only
small traders have been infected, it cannot be ruled out that larger companies in
various sectors will begin to be attacked as well.

Finally, Panda TS was able to confirm that the
information extracted from these companies is already on sale in various dark
web forums.   
