RTM gang is the cybercrime organization that targets remote banking systems


Researchers at ESET are monitoring the activity of a cybercrime group tracked as RTM that focuses its criminal operations on Remote Banking Systems.

Experts at software firm ESET are monitoring the activity of a cybercrime group tracked as RTM that is using sophisticated malware written in Delphi to target Remote Banking Systems (RBS). Remote Banking Systems are business software used to make bulk financial transfers.

The Russian CERT FinCERT, which is involved in the investigation of cybercrime targeting Russian financial institutions, issued a security advisory in 2016.

According to ESET, the RTM gang has been active since 2015 and has used spyware to monitor the victims’ machines.

“This group, active since at least 2015, is using malware, written in Delphi, to spy on its victims in a variety of ways, such as monitoring keystrokes and smart cards inserted into the system.” reads the blog post published by ESET.

The malware allows the RTM gang to monitor the victims’ banking-related activities in real time and to exfiltrate data from their PCs.

The malicious code used by the crooks actively searches for export files common to a widespread accounting software package called “1C: Enterprise 8”, used mostly in Russia.

These specific files contain details of bulk transfers and are processed by RBS systems to complete payment orders. By intercepting these files, it is possible to modify them in order to hijack payments.

Researchers at ESET highlighted that the same attack technique was also used by other criminal organizations, such as Buhtrap and Corkow, that have also targeted RBS users in the past, slowly building an understanding of the network and building custom tools to steal from corporate victims.

Both groups used custom tools to target RBS systems in the past, and the recent operations conducted by RTM confirm that criminal organizations are looking with interest at this specific hacking activity.

RTM mainly targeted financial organizations in Russia and in neighboring countries, but the experts warn that other groups using similar tactics are operating in Western Europe.

ESET published a white paper detailing the activities of the RTM gang, enjoy it!

Pierluigi Paganini

(Security Affairs – RTM group, cybercrime)