Malware alert! Crypto trading firms are under attack

A Trojan-style malware is attacking Israeli fintech and cryptocurrency trading firms in an attempt to get revenge. This malware, Cardinal RAT, was also spotted in 2017 and went largely undetected for almost two years. It appears that it has returned and is again going after cryptocurrency trading firms.

In its earlier form, the malware entered a computer through a downloader called Carp, which uses Microsoft Excel documents to compile source code into a program that then deploys the malware onto the system.

However, an updated version of the malware has resurfaced with changes meant to evade “detection and hinder analysis”, according to researchers from Unit 42 at Palo Alto Networks, an American multinational cybersecurity company.

The latest version of Cardinal RAT applies a number of techniques to pass through analysis systems undetected and to make it more difficult to find. One of these techniques is steganography, a class of programming approaches used to obscure messages, files, and other important data.

The malware is loaded onto the victim’s computer from data embedded in a Bitmap (BMP) image file during installation. The image looks harmless on the surface, but when it is opened, the embedded code decodes itself and initiates the attack.
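For defenders, a BMP that carries extra data can often be triaged structurally. The following is an added example, not code from Unit 42 or from this article: it parses the BMP headers, compares the declared and actual sizes, and measures the entropy of the pixel data. The article does not say how Cardinal RAT embeds its data, so the checks (trailing bytes, size mismatch, near-random pixels), the 7.5 threshold and the constructed sample images are assumptions, and a hit is a reason to look closer rather than a verdict.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest compressed or encrypted content."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_bmp(blob: bytes, entropy_threshold: float = 7.5) -> dict:
    """Report structural anomalies in an uncompressed (BI_RGB) BMP file."""
    if len(blob) < 54 or blob[:2] != b"BM":
        raise ValueError("not a BMP with a 40-byte BITMAPINFOHEADER")
    bf_size, _, _, pixel_off = struct.unpack_from("<IHHI", blob, 2)
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", blob, 14)
    if compression != 0:
        raise ValueError("compressed BMPs are out of scope for this check")
    row_bytes = ((bpp * width + 31) // 32) * 4      # rows are padded to 4 bytes
    expected_end = pixel_off + row_bytes * abs(height)
    pixels = blob[pixel_off:expected_end]
    entropy = shannon_entropy(pixels)
    return {
        "declared_size_mismatch": bf_size != len(blob),
        "trailing_bytes": max(0, len(blob) - expected_end),
        "truncated": len(blob) < expected_end,
        "pixel_entropy": round(entropy, 2),
        "high_entropy_pixels": entropy > entropy_threshold,
    }

def make_bmp(width: int, height: int, pixels: bytes, trailer: bytes = b"") -> bytes:
    """Build a constructed 24-bit test BMP; bfSize deliberately excludes the trailer."""
    file_hdr = b"BM" + struct.pack("<IHHI", 54 + len(pixels), 0, 0, 54)
    dib_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                          len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib_hdr + pixels + trailer

# Constructed samples (assumptions for illustration, not from any real sample).
FLAT = make_bmp(64, 64, b"\x80" * 12288)
APPENDED = make_bmp(64, 64, b"\x80" * 12288, trailer=b"CONSTRUCTED-TRAILER")
DENSE = make_bmp(64, 64, bytes(range(256)) * 48)   # uniform byte histogram

if __name__ == "__main__":
    for name, sample in (("flat", FLAT), ("appended", APPENDED), ("dense", DENSE)):
        print(name, triage_bmp(sample))
```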

The malware steals passwords, usernames, and other sensitive data and sends them back to its operators, giving them the means to steal your cryptocurrency.

According to the Unit 42 report, the malware operators perform the following actions:

  • Collect victim information
  • Update settings
  • Act as a reverse proxy
  • Execute command
  • Uninstall itself
  • Recover passwords
  • Download and execute new files
  • Keylogging
  • Capture screenshots
  • Update Cardinal RAT
  • Clean cookies from browsers

Two Cardinal RAT attacks have been observed since 2017, and according to Unit 42 the victims both times were fintech companies based in Israel. A total of 13 reports have been received so far: nine from Israel, two from the US, and one each from Austria and Japan.

Published by Faisal Saeed