Security researchers are warning that more than a hundred banks and financial institutions around the world are infected with a sophisticated, nearly undetectable strain of malware.
The Russian security firm Kaspersky Lab detailed some of its findings on Wednesday, which indicate that one or more groups of attackers are targeting at least 140 banks and other organizations with complex code designed to siphon off credentials and money.
The malware is especially devious because it belongs to the class of “fileless” attack tools, which live exclusively in a machine’s memory and leave almost no trace on disk. This kind of malware is not new, but its growing prevalence is a worrying sign for security researchers and network administrators. Once considered the domain of nation states, and occasionally given a tenuous link to the original Stuxnet worm, in-memory malware is gaining popularity with cybercriminals.
Attackers are reportedly using the malware to spy on infected machines, harvesting credentials and information from inside the affected institutions, and also to control ATMs and siphon off cash.
According to Kaspersky Lab, one common trait of these recent infections is that they rely on legitimate tools such as Windows PowerShell to gain control of a machine. The attackers also hide PowerShell commands in the Windows registry, so that the loader survives a reboot without any file being written that a disk scan could catch.
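Since a PowerShell loader that is kept in the registry still has to be launched from somewhere, one practical hunt is to walk the usual autostart locations and flag values that invoke PowerShell with the switches an in-memory loader needs (hidden window, encoded command, base64 decoding, in-memory evaluation). The script below is an added example and is not from Kaspersky's report or its indicators of compromise; the registry keys it checks and the indicator strings are assumptions about typical persistence locations, not the specific keys or commands used in this campaign. It decodes any `-EncodedCommand` argument it finds, which PowerShell expects as base64 of a UTF-16LE string.

```powershell
# Added example: hunt for PowerShell loaders parked in common autostart
# registry locations. Key list and indicator strings are assumptions about
# typical persistence spots, not the ones documented for this campaign.

# Autostart keys whose values are run at logon (assumed common locations).
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Substrings that typically appear when PowerShell is used as an in-memory
# loader: hidden window, no profile, bypassed execution policy, encoded
# command, base64 decoding, or evaluation of a downloaded/decoded blob.
$Indicators = @(
    'powershell', '-EncodedCommand', '-enc ', '-e ', '-w hidden',
    '-WindowStyle Hidden', '-nop', '-ep bypass', '-ExecutionPolicy Bypass',
    'FromBase64String', 'IEX', 'Invoke-Expression', 'DownloadString',
    'Reflection.Assembly', 'Get-ItemProperty', 'GetValue('
)

function Expand-EncodedCommand {
    param([string]$CommandLine)
    # powershell.exe accepts any unambiguous prefix of -EncodedCommand
    # (-e, -ec, -enc, ...) followed by base64 of a UTF-16LE script.
    $m = [regex]::Match($CommandLine, '-e[ncodedma]*\s+([A-Za-z0-9+/=]{16,})', 'IgnoreCase')
    if (-not $m.Success) { return $null }
    try {
        return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value))
    } catch {
        return '<argument is not valid base64>'
    }
}

function Test-RegistryValue {
    param([string]$Key, [string]$Name, [string]$Value)
    # -match is case-insensitive; escape each indicator so it is a literal.
    $hits = @($Indicators | Where-Object { $Value -match [regex]::Escape($_) })
    if ($hits.Count -eq 0) { return $null }
    [pscustomobject]@{
        Key        = $Key
        ValueName  = $Name
        Indicators = ($hits -join ', ')
        Raw        = $Value
        Decoded    = Expand-EncodedCommand $Value
    }
}

function Get-SuspiciousRegistryEntries {
    $findings = @()

    # 1. Run / RunOnce values.
    foreach ($path in $AutostartKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-Item -LiteralPath $path
        foreach ($name in $item.GetValueNames()) {
            $f = Test-RegistryValue $path $name ([string]$item.GetValue($name))
            if ($f) { $findings += $f }
        }
    }

    # 2. Service binaries: a loader can be registered as a service ImagePath
    #    so that it runs as SYSTEM at boot.
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in (Get-ChildItem -LiteralPath $svcRoot -ErrorAction SilentlyContinue)) {
        $image = (Get-ItemProperty -LiteralPath $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($image) {
            $f = Test-RegistryValue $svc.Name 'ImagePath' ([string]$image)
            if ($f) { $findings += $f }
        }
    }

    return $findings
}

# Usage: run in an elevated PowerShell session on the host being examined.
Get-SuspiciousRegistryEntries | Format-List
```

Run it elevated so that HKLM service keys are readable. The indicator list is deliberately broad and will produce some false positives (for example, legitimate management agents that start PowerShell with `-nop`); the value of the output is the decoded command, which lets an analyst see at a glance whether the entry pulls a script body out of another registry value or from the network and hands it to `Invoke-Expression`. Because the script only reads the registry, it does not disturb whatever is still resident in memory, which a later memory capture of the host may need.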
Kaspersky Lab will release further information as its investigation continues, including indicators of compromise for affected machines. Details on how the attackers siphoned money out of ATMs are to be published in April.