March 6, 2019 By David Bisson 2 min read

Security researchers discovered a new fileless malware strain targeting bank customers in Brazil and Thailand with a hacking tool and at least two infostealers.

Trend Micro observed that the malware, detected as Trojan.BAT.BANLOAD.THBAIAI, connects to hxxp://35[.]227[.]52[.]26/mods/al/md[.]zip to download PowerShell codes. It then connects to hxxp://35[.]227[.]52[.]26/loads/20938092830482 to execute the codes and contact other URLs before extracting and renaming its files so they appear to be valid Windows functions. From there, it forces the victim’s machine to restart and creates a lock screen designed to trick the user into providing his or her login credentials.

While it sets to work deleting all its dropped files, the malware downloads two other threats. The first, detected as TrojanSpy.Win32.BANRAP.AS, opens Outlook and sends stored email addresses to its command-and-control (C&C) server. The second, detected as HKTL_RADMIN, lets a digital attacker lock into the system once the user logs off, gain admin privileges and monitor screen activity.

Once the user logs back in after rebooting, the malware also drops a batch file with a command to load Trojan.JS.BANKER.THBAIAI. This Trojan monitors all sites visited by the victim for strings related to banking. When it finds something pertaining to a login session, it collects the information and sends it to its C&C server.

The Rise of Fileless Malware Attacks

The campaign described above comes amid a rise in fileless malware attacks. In an endpoint security report, for instance, Ponemon Institute found that operations involving PowerShell techniques and other fileless tactics accounted for more than 35 percent of all attacks observed in FY 2018. That’s up from 29 percent in FY 2017.

These attacks don’t show any sign of abating, either. Cisco Talos discovered an attack campaign in the beginning of 2019 in which bad actors used a PowerShell command to load Ursnif malware.

How to Defend Against a Banking Trojan

Security professionals can defend their organizations against digital threats like banking Trojans by regularly patching their software for known vulnerabilities. To be successful, it’s important to minimize shadow IT with an updated inventory of assets installed on the network. Additionally, security teams should craft a robust endpoint defense strategy that combines machine learning and threat detection sandboxing to protect against fileless malware attacks.

More from

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today