Attackers target dozens of global banks with new malware
Organizations in 31 countries have been targeted in a new wave of attacks that has been underway since at least October 2016. The attackers used compromised websites, or “watering holes”, to infect pre-selected targets with previously unknown malware. No evidence has yet been found that funds have been stolen from any infected banks.
The attacks came to light when a bank in Poland discovered previously unknown malware running on a number of its computers. The bank then shared indicators of compromise (IOCs) with other institutions and a number of other institutions confirmed that they too had been compromised.
As reported, the source of the attack appears to have been the website of the Polish financial regulator. The attackers compromised the website to redirect visitors to an exploit kit which attempted to install malware on selected targets.
Symantec has blocked attempts to infect customers in Poland, Mexico and Uruguay by the same exploit …
IoC