Financial technology companies in the occupied territories that develop Forex-related currency trading products have become the next target for malware.
According to a blog post recently published by Unit 42, Palo Alto Networks' Threat and Research Discovery Section, analysts first discovered an older version of the malware, known as Cardinal RAT, in April 2017.
Two years ago, security threats related to Cardinal RAT were found in programs developed by two technology companies in the country. The malicious software was apparently detected in Forex-related digital currency trading programs. A Remote Access Trojan (RAT) is malicious software that allows attackers to remotely access and control programs.
In an attempt to avoid discovery, the latest version of Cardinal RAT uses advanced obfuscation techniques. However, the Unit 42 research team was still able to detect the malware.
The malware is used to access the victim's data, modify their system settings, and act as a reverse proxy that can execute commands remotely. It is also able to uninstall itself. It is used to recover user passwords and can download files and execute them on the victim's operating system.
Moreover, the malware can work as a keylogger and capture screenshots on the victim's computer. Unit 42 explains that the malware was used to target Forex programs and digital currency programs created by financial technology companies.
As reported by CryptoGlobe, according to the research team’s analysis, both Cardinal RAT and EVILNUM were previously used to launch attacks against programs designed by financial technology companies.
As the researchers have described, EVILNUM malware can execute commands on users' operating systems without their notice or permission.