430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

PiceBOT crimeware hit Latin American banking

In the last weeks we discussed on the efficiency of exploit kits, malicious tool kits  that allow to the attackers to exploit a huge quantity of vulnerabilities in victims systems. These products are largely diffused in the underground where is possible to find different tools usable for various purpose, most precious are those kit that […]

PiceBOT crimeware hit Latin American banking

In the last weeks we discussed on the efficiency of exploit kits, malicious tool kits  that allow to the attackers to exploit a huge quantity of vulnerabilities in victims systems. These products are largely diffused in the underground where is possible to find different tools usable for various purpose, most precious are those kit that contains code to exploit zero day vulnerabilities.

The exploit kits are being the principal instruments for cyber criminals, recently security community has uncovered a  new cyber crimeware kit dubbed ‘PiceBOT’ sold in the underground market at the modest sum of $140.

The crimeware kit allows to the criminals to organize a botnet to steal financial information through local pharming attacks. Pharming attack redirects user to the fake page even though user enter the correct address. The term pharming is a derived from phishing and farming, the techniques usually adopted to implement the attack are DNS Poisoning and  HOSTS file Modification.

The malicious agent allows to the attacker to take complete control over the victims that could be used also to spread malware, it is just a sample of criminal activities, recently other botnets such as the vOlk (Mexico) and S.A.P.Z. (Peru) have been designed with same purpose.

The crimeware kit is diffused in Latin American where is targeting the clients of the major financial institutions, Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina are countries hit by the malware.

In the following image the administration panel of the tool kit, what is singular is the authentication process to access to the admin console that is based on a single factor represented by the password.

 

According Kaspersky Lab, the malware named Trojan-Dropper.Win32.Injector has been detected at least in a couple of dozen variants.

The post published securlist.com describe the infection process:

“In addition, the primary propagation cycle downloads a Trojan dropper that establishes the first clandestine communication with the C2 (Command and Control Panel) botnet sending the parameters of interest to cybercriminal. Another piece of malware is then downloaded from the URL set in “url_des.txt”, and modifies the information in the hosts file via the parameters from “toma.php”.”

Latin America is considered a strategic region for criminals, the cost to arrange a cyber scam in the region is cheaper than other region such as Europe and the recent attacks have demonstrated that the return on investment (ROI) is almost immediate, “because despite the use of trivial techniques that are enhanced with visual social engineering, the infection rate using these codes is very high, mainly due to a lack of awareness among users.”

The best defense against this type of cyber threat is to keep systems up to date, adopt protection system and be aware of the phishing messages that may arrive.

Pierluigi Paganini