Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware


Jan 03, 2023 | Ravie Lakshmanan | United States


A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT.

The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages that lure victims into opening suspicious Excel attachments.

The discovery comes from cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that is said to have been obtained by exploiting SQL injection flaws.

The leaked details include Cédula numbers (a national identity document issued to Colombian citizens), email addresses, phone numbers, customer names, payment records, salary details, and addresses, among others.

There are no indications that the information had previously been shared on any forums on the darknet or clear web, suggesting that the threat actors themselves obtained access to the customer data in order to mount the phishing attacks.

The Excel file, which contains the exfiltrated bank data, also embeds a macro that is used to download a second-stage DLL payload, which in turn is configured to retrieve and execute BitRAT on the compromised host.


“It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory,” Qualys researcher Akshat Pradhan said.

Created in mid-November 2022, the GitHub repository is used to host obfuscated BitRAT loader samples that are eventually decoded and launched to complete the infection chain.
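The chain described above (an Office process fetching a payload from GitHub, writing a binary into %temp%, and then launching something from there) is a pattern defenders can hunt for in endpoint telemetry. The following is an added detection sketch, not code from Qualys or from the article: it parses a handful of constructed, Sysmon-like events (the field names `type`, `pid`, `ppid`, `image`, `parent`, `dest`, `target` and `cmdline` are assumptions, as is the use of a child process to run the dropped DLL, which the article does not specify) and correlates them per Office process.

```python
"""Correlate Office-originated download/drop/launch behaviour in endpoint telemetry.

Added example for the BitRAT campaign write-up; the event format and field
names are assumptions modelled loosely on Sysmon, not a real log schema.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Legitimate code-hosting domains the article says were abused for payload staging.
PAYLOAD_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
BINARY_EXT = {".dll", ".exe"}

# Every field is written as key="value" so paths with spaces survive parsing.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample telemetry (not real logs). First four events mimic the
# described chain; the last two are benign noise the rule must not flag.
SAMPLE_EVENTS = [
    'ts="2023-01-03T10:01:02Z" type="ProcessCreate" pid="1204" ppid="880" '
    'image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" parent="C:\\Windows\\explorer.exe"',
    'ts="2023-01-03T10:01:09Z" type="NetworkConnect" pid="1204" '
    'image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" dest="raw.githubusercontent.com:443"',
    'ts="2023-01-03T10:01:11Z" type="FileCreate" pid="1204" '
    'image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" '
    'target="C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.dll"',
    'ts="2023-01-03T10:01:12Z" type="ProcessCreate" pid="3300" ppid="1204" '
    'image="C:\\Windows\\System32\\rundll32.exe" '
    'parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" '
    'cmdline="rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.dll,Start"',
    'ts="2023-01-03T10:02:00Z" type="NetworkConnect" pid="2100" '
    'image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" dest="github.com:443"',
    'ts="2023-01-03T10:02:05Z" type="FileCreate" pid="2400" '
    'image="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'target="C:\\Users\\alice\\AppData\\Local\\Temp\\~WRD0001.tmp"',
]


def parse_event(line: str) -> dict:
    """Turn one key="value" line into a dict."""
    return dict(KV_RE.findall(line))


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def in_temp(text: str) -> bool:
    return "\\temp\\" in text.lower()


def detect(lines) -> dict:
    """Return {office_pid: [finding, ...]} for every Office process that shows
    one or more stages of the download -> drop-to-%temp% -> launch chain."""
    findings = defaultdict(list)
    for ev in map(parse_event, lines):
        kind = ev.get("type")
        image = basename(ev.get("image", ""))
        pid = ev.get("pid")
        if image in OFFICE_PROCESSES:
            if kind == "NetworkConnect":
                host = ev.get("dest", "").rsplit(":", 1)[0].lower()
                if host in PAYLOAD_HOSTS:
                    findings[pid].append("office_connects_to_code_hosting")
            elif kind == "FileCreate":
                target = ev.get("target", "")
                if in_temp(target) and PureWindowsPath(target).suffix.lower() in BINARY_EXT:
                    findings[pid].append("office_writes_binary_to_temp")
        elif kind == "ProcessCreate":
            # Child of an Office process whose command line references %temp%
            # (assumed launch mechanism; the article does not name one).
            if basename(ev.get("parent", "")) in OFFICE_PROCESSES and in_temp(ev.get("cmdline", "")):
                findings[ev.get("ppid", pid)].append("office_spawns_child_from_temp")
    return dict(findings)


if __name__ == "__main__":
    for office_pid, reasons in detect(SAMPLE_EVENTS).items():
        print(f"pid {office_pid}: {', '.join(reasons)}")
```

Each finding on its own is noisy (Word legitimately writes temp files, browsers legitimately talk to GitHub), so the value is in the per-process correlation: an Office process that matches all three stages within a short window is a strong signal, and the per-pid list makes that scoring straightforward.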

BitRAT, an off-the-shelf malware available for sale on underground forums for a mere $20, comes with a wide range of functionalities to steal data, harvest credentials, mine cryptocurrency, and download additional binaries.

“Commercial off the shelf RATs have been evolving their methodology to spread and infect their victims,” Pradhan said. “They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it.”
