
African banking sector targeted by malware-based phishing campaign

A cybercrime campaign targeting the African banking sector is leveraging phishing emails and HTML smuggling techniques to deploy malware.

A series of attacks has been reported across West Africa, with attackers posing as prospective employers to lure victims into downloading malicious files.

Researchers from HP Wolf Security, who have been tracking the campaign, noted that they first spotted the attacks in “early 2022”, when an employee of an unnamed West African bank received an email purporting to be from a recruiter at another African bank with information about job opportunities.

On investigating, researchers found that the domain used to send the email was typosquatted and did not belong to the mimicked organization.

A WHOIS lookup later showed that the domain had been registered in December 2021, and visiting the website returned an HTTP 404 response. To make the lure more credible, the threat actor also included a reply-to address of another supposed employee of the recruiting bank.

Smuggling campaign

The emails contained HTML files which, if opened, prompted the user to download an ISO file; the ISO in turn contained a Visual Basic script that executed the malware.

This technique, called HTML smuggling, enables attackers to smuggle malicious files past email gateway security.
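As an added illustration of the detection side (this is not code from HP Wolf Security or The Daily Swig), the Python scanner below flags HTML attachments that show the smuggling pattern described above: script that decodes an embedded base64 blob and hands it to the browser as a file download, with the decoded payload checked for an ISO 9660 signature. The sample HTML and the ISO image it carries are constructed here and are not taken from the campaign.

```python
import base64
import binascii
import re

# Indicators typical of an HTML-smuggling attachment: the file is embedded in
# the page as text and assembled client-side by script, so a mail gateway
# inspecting the attachment sees HTML and JavaScript rather than an ISO.
INDICATORS = {
    "blob_constructor": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL\s*\(", re.I),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob\s*\(", re.I),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "iso_filename": re.compile(r"[\"'][^\"'<>]+\.iso[\"']", re.I),
}
# A long base64 run inside the HTML is usually the smuggled payload itself.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def is_iso_image(data: bytes) -> bool:
    """ISO 9660 images carry the 'CD001' volume descriptor at offset 0x8001."""
    return data[0x8001:0x8006] == b"CD001"


def scan_html(html: str) -> dict:
    """Return the smuggling indicators found and whether the mail should be held."""
    hits = sorted(name for name, pat in INDICATORS.items() if pat.search(html))
    embedded_iso = False
    for run in BASE64_RUN.findall(html):
        try:
            payload = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue  # not valid base64, e.g. a long token or minified script
        if is_iso_image(payload):
            embedded_iso = True
    # Two script-side indicators alone are weak evidence; a decodable ISO is decisive.
    score = len(hits) + (3 if embedded_iso else 0)
    return {"indicators": hits, "embedded_iso": embedded_iso, "hold": score >= 3}


def sample_smuggling_html() -> str:
    """Constructed test input: a zero-filled ISO carrying only the volume
    descriptor signature, wrapped in the script pattern the indicators describe."""
    image = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 64
    b64 = base64.b64encode(image).decode()
    return ('<html><body><p>Job description attached.</p><script>'
            f'var raw = atob("{b64}");'
            'var blob = new Blob([raw], {type: "application/octet-stream"});'
            'a.href = URL.createObjectURL(blob); a.download = "Job_Description.iso";'
            '</script></body></html>')


# Constructed benign control: a plain HTML mail with an ordinary link.
BENIGN_HTML = '<html><body><p>Hello,</p><a href="https://example.org/jobs">Careers</a></body></html>'
```

The ISO check is what separates this from a keyword filter: a page that merely mentions `Blob` scores low, while one that actually carries a decodable disk image is held regardless of how the script is obfuscated around it.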

Researchers from HP Wolf Security found that the attackers were using a downloader called GuLoader, which is launched by PowerShell from code stored in the Windows Registry and otherwise runs only in memory.

“Detecting such a chain of infection is not easy, as the malware is only located in memory and the registry,” researchers noted in a blog post.

Speaking to The Daily Swig, Patrick Schläpfer, malware analyst at HP Wolf Security, said that while the research team doesn’t have insight on why Africa in particular was targeted, financial institutions generally offer “a high degree of opportunity for cybercriminals to monetize access and stolen data if they successfully compromise a bank’s network”.

Schläpfer added: “In this campaign the attackers used a combination of attack techniques. We would recommend that companies watch out for brand abuse, namely typosquatted websites that impersonate their brand.

“If these are found, they should be reported to the hosting provider and domain registrar as soon as possible.

“Furthermore, organizations should also make sure they have visibility over their network to isolate or block malicious process behavior. These recommendations apply to all organizations, not only the banking sector in Africa.”

The researcher also noted that while techniques such as phishing emails are not necessarily sophisticated, “such attacks still lead to infections”.

Schläpfer added: “In this campaign, the attackers put an unusual effort into setting up fake websites to increase the credibility of their emails and thus the chances of infection.


“The HTML smuggling technique also stands out as it’s not easy to detect and therefore often makes its way past email gateway to users.”

More information on the campaign can be found in HP Wolf Security’s blog post.

Source: https://portswigger.net/daily-swig/african-banking-sector-targeted-by-malware-based-phishing-campaign


Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO