A brand new malware campaign has been discovered which is using important data stolen from a Colombian bank as a lure in phishing emails to drop a remote access trojan called BitRAT.
As of now, it is being reported that the unknown figure has hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure customers into opening file attachments.
A recent attack was discovered by cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that have been obtained by exploiting SQL injection faults.
The information that has been leaked includes Cédula numbers (a national identity document issued to Colombian citizens), phone numbers, customer names, email addresses, payment records, addresses, and salary details.
The Excel file, which contains the exfiltrated bank information, also embeds within it a macro that's used to download a second-stage DLL payload, which is configured to retrieve and install BitRAT in the system of the victim.
"It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory," Qualys researcher Akshat Pradhan reported.
Furthermore, he added that "Commercial off-the-shelf RATs have been evolving their methodology to spread and infect their victims. They have also increased the usage of legitimate infrastructures to host their payloads and defenders need to account for it."
BitRAT is a malicious program, which is known as a Remote Access Trojan (RAT). Hackers and a group of hackers use this Malware to get remote access and control over an infected system and network.
Furthermore, studies found that RATs have advanced technologically driven functionality. However, BitRAT is not considered the most sophisticated malware if we compare it to other malware software that are present today, nevertheless, it is highly dangerous.
Therefore, BitRAT infections must be curved immediately after its detection in the system.
It is a matter of concern since worldwide financial institutions are being targeted every day. Recently, the Dutch mobile security company identified a network of phishing websites targeting Italian online-banking users to get hold of their contact details.
