UPDATED 20:01 EST / JANUARY 27 2019

Redaman banking malware returns with new attack targeting Russian speakers

A new campaign using the Redaman malware has been detected in what could be the return of banking malware that first swept much of the world in 2015-2016.

Redaman is a form of banking malware that uses an application-defined “hook” procedure to monitor activity in Chrome, Firefox and Internet Explorer and steal login details for bank accounts.

The new campaign, detailed by security researchers at Palo Alto Networks Inc. last week, was first detected in September. Although it primarily targets users in Russia, it has also been detected in various former Soviet countries, the Netherlands, the U.S., Japan and Sweden.

Redaman is being distributed through what the researchers describe as a “malspam” campaign: bulk spam and phishing emails rather than targeted attacks, with messages that make claims about funds owed. Email subject lines include “Debt due Wednesday,” “Documents Verification for October 2018” and “The package of documents for payment 1st October,” among others.

“These messages are often vague and they contain few details on the alleged financial issue,” the researchers explained. “Their only goal is to trick the recipient into opening the attached archive and double-clicking the executable contained within.”

In addition to recording keystrokes to gain access to online banking, Redaman can also download additional malicious software that adds the ability to steal files, capture screenshots, record video and alter DNS configuration, among other features.

Although the attacks so far have been in Russian, there is a fear that it could easily expand into other languages in the months ahead.

Ryan Wilk, vice president of customer success at NuData Security Inc., told SiliconANGLE that banks are under continuous attacks as cybercriminals leverage one technique and dynamically change it to keep up the barrage of attacks until they succeed and steal key information.

“This onslaught of online fraud is one of the biggest challenges for the financial community, but can be significantly mitigated with new technologies such as passive biometrics and behavioral analytics,” Wilk explained. “New multilayered technologies can help them prevent fraud even if cybercriminals get real credentials and identities.”

Image: Palo Alto Networks
