UPDATED 20:01 EDT / JANUARY 27 2019

SECURITY

Redaman banking malware returns with new attack targeting Russian speakers

A new campaign using the Redaman malware has been detected in what could be the return of banking malware that first swept much of the world in 2015-2016.

Redaman is a form of banking malware that uses an application-defined “hook” procedure to monitor activity in Chrome, Firefox and Internet Explorer and steal login details for bank accounts.

The new campaign, detailed by security researchers at Palo Alto Networks Inc. last week, was first detected in September. Although it primarily targets users in Russia, it has also been detected in various former Soviet countries, the Netherlands, the U.S., Japan and Sweden.

Redaman is being distributed through what the researchers describe as a “malspam” campaign. Rather than targeted attacks, it relies on bulk spam and phishing emails that make claims about funds owed. Email subject lines include “Debt due Wednesday,” “Documents Verification for October 2018” and “The package of documents for payment 1st October,” among others.

“These messages are often vague and they contain few details on the alleged financial issue,” the researchers explained. “Their only goal is to trick the recipient into opening the attached archive and double-clicking the executable contained within.”

In addition to recording keystrokes so as to gain access to online banking, Redaman can also download additional malicious software that adds the ability to steal files, capture screenshots and record video, alter DNS configuration and other features.

Although the attacks so far have been in Russian, there is a fear that it could easily expand into other languages in the months ahead.

Ryan Wilk, vice president of customer success at NuData Security Inc., told SiliconANGLE that banks are under continuous attacks as cybercriminals leverage one technique and dynamically change it to keep up the barrage of attacks until they succeed and steal key information.

“This onslaught of online fraud is one of the biggest challenges for the financial community, but can be significantly mitigated with new technologies such as passive biometrics and behavioral analytics,” Wilk explained. “New multilayered technologies can help them prevent fraud even if cybercriminals get real credentials and identities.”

Image: Palo Alto Networks
