A new malware campaign has been discovered that uses sensitive data stolen from a Colombian bank as a lure in phishing emails to drop a remote access trojan called BitRAT.
According to current reports, an unknown actor has hijacked the IT infrastructure of a Colombian cooperative bank and is using the stolen information to craft convincing decoy messages that lure customers into opening file attachments.
The recent attack was discovered by cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that were obtained by exploiting SQL injection flaws.
The information that has been leaked includes Cédula numbers (a national identity document issued to Colombian citizens), phone numbers, customer names, email addresses, payment records, addresses, and salary details.
The Excel file, which contains the exfiltrated bank information, also embeds a macro that downloads a second-stage DLL payload, which is configured to retrieve and install BitRAT on the victim’s system.
“It uses the WinHTTP library to download BitRAT embedded payloads from GitHub to the %temp% directory,” Qualys researcher Akshat Pradhan reported.
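The behaviour described above (a payload pulled from GitHub and written to the %temp% directory) can be hunted for in endpoint telemetry. The following is an added detection sketch, not code from Qualys or the original article; the event format, host list, allowlist, time window, and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
import ntpath

# Assumption: hosts that serve GitHub-hosted content; the page only says "GitHub".
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
# Assumption: programs expected to fetch from GitHub on this fleet.
ALLOWED_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "git.exe"}
WINDOW = timedelta(seconds=60)

# Constructed events (not from the Qualys report). Process names are illustrative;
# the page does not name the process that hosts the second-stage DLL.
SAMPLE_EVENTS = [
    {"ts": "2023-01-05T10:00:00", "type": "net", "pid": 100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "host": "github.com"},
    {"ts": "2023-01-05T10:00:05", "type": "file", "pid": 100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\a\AppData\Local\Temp\x.zip"},
    {"ts": "2023-01-05T10:05:00", "type": "net", "pid": 200,
     "image": r"C:\Windows\System32\rundll32.exe", "host": "raw.githubusercontent.com"},
    {"ts": "2023-01-05T10:05:03", "type": "file", "pid": 200,
     "image": r"C:\Windows\System32\rundll32.exe",
     "path": r"C:\Users\a\AppData\Local\Temp\payload.bin"},
    {"ts": "2023-01-05T10:06:00", "type": "file", "pid": 300,
     "image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "path": r"C:\Users\a\AppData\Local\Temp\~book1.tmp"},
]

def in_temp(path):
    """True if any directory component of a Windows path is named Temp."""
    return "temp" in path.lower().split("\\")[:-1]

def find_github_temp_drops(events, window=WINDOW):
    """Return (image, host, path) for each non-allowlisted process that
    contacted a GitHub host and then wrote into a Temp directory within `window`."""
    hits, last_conn = [], {}  # last_conn: pid -> (time, host)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        image = ntpath.basename(ev["image"]).lower()
        if image in ALLOWED_IMAGES:
            continue
        if ev["type"] == "net" and ev["host"].lower() in GITHUB_HOSTS:
            last_conn[ev["pid"]] = (ts, ev["host"])
        elif ev["type"] == "file" and in_temp(ev["path"]) and ev["pid"] in last_conn:
            conn_ts, host = last_conn[ev["pid"]]
            if ts - conn_ts <= window:
                hits.append((image, host, ev["path"]))
    return hits

if __name__ == "__main__":
    for hit in find_github_temp_drops(SAMPLE_EVENTS):
        print("suspicious GitHub-to-Temp download:", hit)
```

The allowlist and window need tuning per environment, since developer tools and updaters also fetch from GitHub legitimately.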
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents